All Documents
Current Document
Content is empty
If you don't find the content you expect, please try another search term
Content is empty
If you don't find the content you expect, please try another search term
Last updated:2020-12-02 10:40:22
This topic describes how to use the certificate management feature in Advanced Tools of the Kingsoft Cloud CDN console.
You can configure an HTTPS certificate for a domain name that is added to Kingsoft Cloud CDN. Kingsoft Cloud CDN allows you to upload a custom certificate or select an existing certificate.
You can log in to the Kingsoft Cloud Certificate Management (KCM) console and choose Certificate > Certificate Request() to purchase an enterprise-level certificate. For more information, see Step 1: Complete the certificate request.
If you have a certificate, you can upload the certificate to the Kingsoft Cloud CDN console to deploy the certificate. Log in to the Kingsoft Cloud CDN console, choose Advanced Tools > Certificate in the left navigation pane, and then click Configure certificates.
1. Select a domain name
On the Configure certificates page, select the domain name for which you want to configure a certificate from the Domain Name drop-down list.
Note:
You must select a domain name that has been added to Kingsoft Cloud CDN. The domain name must be in the In Configuration or Normal Running state. You cannot configure a certificate for a domain name for which the acceleration has been stopped.
2. Enter the certificate name
Enter the certificate name.
Note:
The certificate name cannot be changed after the certificate is configured.
3. Select the certificate
You can upload a custom certificate or select an existing certificate.
A custom certificate is a private certificate that has been purchased from Kingsoft Cloud or obtained from any third party. Select Upload a Custom Certificate, and copy and paste the server certificate and private key to the respective text fields.
Server certificate
The file name extension of a server certificate can be .pem, .crt, or .cer. If the file name extension is.pem, the certificate starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----". Each row of the certificate body contains 64 characters, and the last row can contain fewer than 64 characters.
Private key
The file name extension of a private key can be .pem or .key. If the file extension name is .pem, the key starts with "-----BEGIN RSA PRIVATE KEY-----" and ends with "-----END RSA PRIVATE KEY-----". Each row of the key body contains 64 characters, and the last row can contain fewer than 64 characters.
If the certificate has been issued to you by an intermediate CA and the certificate package consists of multiple certificates, you must combine the server certificate and intermediate certificate before you upload them.
An existing certificate is a certificate that has been configured and bound to a domain name before. Select Select An Existing Certificate, and select a certificate from the Certificate Name drop-down list.
4. View the certificate
After the certificate is configured, you can view the certificate on the Certificate page.
On the Certificate page, enter the certificate name or domain name in the search box in the upper-right corner to query the certificate.
You can edit a certificate. Find the certificate that you want to edit, click Edit in the Operate column, and copy and paste the updated server certificate and private key to the respective text fields again.
Note:
The certificate editing process will not interrupt your business.
On the Certificate page, find the certificate that you want to delete, and click Delete in the Operate column.
Note:
You can delete only a certificate that has been unbound from a domain name.
HTTPS certificate configuration Kingsoft Cloud CDN supports only PEM certificates.
Example of a server certificate
-----BEGIN CERTIFICATE-----
MIIDCjCCAnOgAwIBAgIJAOZDywH2LkIYMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQxGzAZBgNVBAMTEnBpYzExMTExLmJhaWR1LmNvbTAeFw0x
NzA0MjcwMjU5NDdaFw0xNzA1MjcwMjU5NDdaMGIxCzAJBgNVBAYTAkFVMRMwEQYD
VQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBM
dGQxGzAZBgNVBAMTEnBpYzExMTExLmJhaWR1LmNvbTCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAshiJyxYSMzRTs6SFQgsGpK4vt7aWn59p4t9NC8fwz8jc6Jdg
+IbxSrcj502Pif5idE5sUQw58UkbQtMqll14TbLc8x0axrSa6RRIvXCGcbNFEpp
l3yELOc+MrePasD82e1NnFtuIdey30L5ohnNxLbf5QDfmlDOdrGgQjz37+ECAwEA
AaOBxzCBxDAdBgNVHQ4EFgQU3/8hdWH5VMHLLZteZJ69JT9t7UwwgZQGA1UdIwSB
jDCBiYAU3/8hdWH5VMHLLZteZJ69JT9t7UyhZqRkMGIxCzAJBgNVBAYTAkFVMRMw
EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0
eSBMdGQxGzAZBgNVBAMTEnBpYzExMTExLmJhaWR1LmNvbYIJAOZDywH2LkIYMAwG
A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAQQMyYqCbmNgQ/J0eF+lhRlG6
r5Z48kCDfbO8q6wCT7zQ7hN82hwDSzB7eBfDRM + nDql2EpUqa65mNqo8CWjSf4MV
4ZnG7N84wCShb+vk26oVwFQVlddOxiHND1WMNO5zPcMyi2MQffyYGeJ/ki4cJSII
RAbXK4SCzoLAPTQ3C4c=
-----END CERTIFICATE-----Certificate format
* The certificate must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----. They are indispensable to the certificate.
* Each row of the certificate body contains 64 characters, and the last row can contain fewer than 64 characters.
Example of a private key
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCyGInLFhIzNFOzpIVCCwakri+3tpafn2ni300Lx/DPyNzol2Br
4hvFKtyPnTY+J/mJ0TmxRDDnxSRtC0yqWXXhNstzzHRrGtJrpFEi9cIZxs0USmmX
fIQs5z4yt49qwPzZ7U2cW24h17LfQvmiGc3Ett/lAN+aUM52saBCPPfv4QIDAQAB
AoGAS8kFWdZaiE+MDrXDvwbSHOHCjHq2PdaoSFKdhpXec40V9CP2c/ITvyMuGC7e
FjUMiwjtc/GAnh/WEFDuns7Syf29XaK4x6Or0SLoi3gwsM1/Cz35+y7kbzTJNlQy
/yicvdgsPd8dqH2D0sJ2kK2e3hfNYzLNV/1bvVf91p855QECQQDWRRxPp8jRsvnJ
2+kL+mefKcHYlUfEhssQuMDBV4y2/VNAlAz4KNq/Hmc/zj2e5YRHamPH1VqR2R9g
Ta4UocitAkEA1MfjwCe/QJKMmJHhorqKqZ9GuN429moV932PEQKrHUazR2/GNs8f
MNkOWlObX0ya/rOtk6fkSuTwnnmo5MUmhQJAMZTKaVA88vFERcaCVcg6xCTIe1KH
yd0bDiKCT/rvT8SsyAu6OI5Tl9f0MlqJ/cPEaTYgIrSnAYrJbOJsvs90/QJBALhH
HXGveq07vlPsE5PRJoHclW1J1iP2oGuk7CB5RSSntGBr5yhUnNi7Qvjra6ZPO/TW
O7+jKc3LFLDLAICQVdkCQQCk+QIcG2fp9CqrVcGTuX7S5me0wI5azogi/nZcQCN5
/ceTmC9zjk9jsYA5oHJeBP11R1ApH05yTE3fybw4C/7a
-----END RSA PRIVATE KEY-----Key format
* The key must start with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----. They are indispensable to the key.
* Each row of the key body contains 64 characters, and the last row can contain fewer than 64 characters.
Convert a non-PEM certificate to a PEM certificate
Kingsoft Cloud CDN supports only PEM certificates. If you want to use a certificate in another format, you must convert the certificate to the PEM format before you upload the certificate. You can convert a certificate by using the OpenSSL tool.
Convert a DER certificate to a PEM certificate
Generally, a DER certificate is used on the Java platform.
Convert the certificate
openssl x509 -inform der -in dercert.cer -out cert.pemConvert the private key
openssl rsa -inform DER -outform PEM -in derprivatekey.der -out privatekey.pemConvert a P7B certificate to a PEM certificate
Generally, a P7B certificate is used on a Windows server or Tomcat server.
Convert the certificate
openssl pkcs7 -print_certs -in p7bcert.p7b -out cert.cerObtain [-----BEGIN CERTIFICATE-----, -----END CERTIFICATE-----] from outcertificat.cer and upload the content as a certificate.
Convert a PFX certificate to a PEM certificate
Generally, a PFX certificate is used on a Windows server.
Convert the certificate
openssl pkcs12 -in pfxcert.pfx -nokeys -out cert.pemConvert the private key
openssl pkcs12 -in pfxcert.pfx -nocerts -nodes -out privatekey.pem Pure Mode