Manage certificates

Last updated: 2020-12-02 10:40:22

This topic describes how to use the certificate management feature in Advanced Tools of the Kingsoft Cloud CDN console.

Overview

You can configure an HTTPS certificate for a domain name that is added to Kingsoft Cloud CDN. Kingsoft Cloud CDN allows you to upload a custom certificate or select an existing certificate.

You can log in to the Kingsoft Cloud Certificate Management (KCM) console and choose Certificate > Certificate Request to purchase an enterprise-level certificate. For more information, see Step 1: Complete the certificate request.

Procedure

Configure a certificate

If you have a certificate, you can upload the certificate to the Kingsoft Cloud CDN console to deploy the certificate. Log in to the Kingsoft Cloud CDN console, choose Advanced Tools > Certificate in the left navigation pane, and then click Configure certificates.

1. Select a domain name

On the Configure certificates page, select the domain name for which you want to configure a certificate from the Domain Name drop-down list.

Note:

You must select a domain name that has been added to Kingsoft Cloud CDN. The domain name must be in the In Configuration or Normal Running state. You cannot configure a certificate for a domain name for which the acceleration has been stopped.

2. Enter the certificate name

Enter the certificate name.

Note:

The certificate name cannot be changed after the certificate is configured.

3. Select the certificate

You can upload a custom certificate or select an existing certificate.

  • Upload a custom certificate

A custom certificate is a private certificate that has been purchased from Kingsoft Cloud or obtained from any third party. Select Upload a Custom Certificate, and copy and paste the server certificate and private key to the respective text fields.

Server certificate

The file name extension of a server certificate can be .pem, .crt, or .cer. If the file name extension is .pem, the certificate starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----". Each row of the certificate body contains 64 characters, and the last row can contain fewer than 64 characters.

Private key

The file name extension of a private key can be .pem or .key. If the file name extension is .pem, the key starts with "-----BEGIN RSA PRIVATE KEY-----" and ends with "-----END RSA PRIVATE KEY-----". Each row of the key body contains 64 characters, and the last row can contain fewer than 64 characters.

If the certificate has been issued to you by an intermediate CA and the certificate package consists of multiple certificates, you must combine the server certificate and intermediate certificate before you upload them.

  • Select an existing certificate

An existing certificate is a certificate that has been configured and bound to a domain name before. Select Select An Existing Certificate, and select a certificate from the Certificate Name drop-down list.

4. View the certificate

After the certificate is configured, you can view the certificate on the Certificate page.

Query a certificate

On the Certificate page, enter the certificate name or domain name in the search box in the upper-right corner to query the certificate.

Edit a certificate

You can edit a certificate. Find the certificate that you want to edit, click Edit in the Operate column, and copy and paste the updated server certificate and private key to the respective text fields again.

Note:

The certificate editing process will not interrupt your business.

Delete a certificate

On the Certificate page, find the certificate that you want to delete, and click Delete in the Operate column.

Note:

You can delete only a certificate that has been unbound from a domain name.

Examples

HTTPS certificate configuration

Kingsoft Cloud CDN supports only PEM certificates.

Example of a server certificate

-----BEGIN CERTIFICATE-----
MIIDCjCCAnOgAwIBAgIJAOZDywH2LkIYMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQxGzAZBgNVBAMTEnBpYzExMTExLmJhaWR1LmNvbTAeFw0x
NzA0MjcwMjU5NDdaFw0xNzA1MjcwMjU5NDdaMGIxCzAJBgNVBAYTAkFVMRMwEQYD
VQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBM
dGQxGzAZBgNVBAMTEnBpYzExMTExLmJhaWR1LmNvbTCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAshiJyxYSMzRTs6SFQgsGpK4vt7aWn59p4t9NC8fwz8jc6Jdg
+IbxSrcj502Pif5idE5sUQw58UkbQtMqll14TbLc8x0axrSa6RRIvXCGcbNFEpp
l3yELOc+MrePasD82e1NnFtuIdey30L5ohnNxLbf5QDfmlDOdrGgQjz37+ECAwEA
AaOBxzCBxDAdBgNVHQ4EFgQU3/8hdWH5VMHLLZteZJ69JT9t7UwwgZQGA1UdIwSB
jDCBiYAU3/8hdWH5VMHLLZteZJ69JT9t7UyhZqRkMGIxCzAJBgNVBAYTAkFVMRMw
EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0
eSBMdGQxGzAZBgNVBAMTEnBpYzExMTExLmJhaWR1LmNvbYIJAOZDywH2LkIYMAwG
A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAQQMyYqCbmNgQ/J0eF+lhRlG6
r5Z48kCDfbO8q6wCT7zQ7hN82hwDSzB7eBfDRM+nDql2EpUqa65mNqo8CWjSf4MV
4ZnG7N84wCShb+vk26oVwFQVlddOxiHND1WMNO5zPcMyi2MQffyYGeJ/ki4cJSII
RAbXK4SCzoLAPTQ3C4c=
-----END CERTIFICATE-----

Certificate format

* The certificate must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----. They are indispensable to the certificate.

* Each row of the certificate body contains 64 characters, and the last row can contain fewer than 64 characters.

Example of a private key

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCyGInLFhIzNFOzpIVCCwakri+3tpafn2ni300Lx/DPyNzol2Br
4hvFKtyPnTY+J/mJ0TmxRDDnxSRtC0yqWXXhNstzzHRrGtJrpFEi9cIZxs0USmmX
fIQs5z4yt49qwPzZ7U2cW24h17LfQvmiGc3Ett/lAN+aUM52saBCPPfv4QIDAQAB
AoGAS8kFWdZaiE+MDrXDvwbSHOHCjHq2PdaoSFKdhpXec40V9CP2c/ITvyMuGC7e
FjUMiwjtc/GAnh/WEFDuns7Syf29XaK4x6Or0SLoi3gwsM1/Cz35+y7kbzTJNlQy
/yicvdgsPd8dqH2D0sJ2kK2e3hfNYzLNV/1bvVf91p855QECQQDWRRxPp8jRsvnJ
2+kL+mefKcHYlUfEhssQuMDBV4y2/VNAlAz4KNq/Hmc/zj2e5YRHamPH1VqR2R9g
Ta4UocitAkEA1MfjwCe/QJKMmJHhorqKqZ9GuN429moV932PEQKrHUazR2/GNs8f
MNkOWlObX0ya/rOtk6fkSuTwnnmo5MUmhQJAMZTKaVA88vFERcaCVcg6xCTIe1KH
yd0bDiKCT/rvT8SsyAu6OI5Tl9f0MlqJ/cPEaTYgIrSnAYrJbOJsvs90/QJBALhH
HXGveq07vlPsE5PRJoHclW1J1iP2oGuk7CB5RSSntGBr5yhUnNi7Qvjra6ZPO/TW
O7+jKc3LFLDLAICQVdkCQQCk+QIcG2fp9CqrVcGTuX7S5me0wI5azogi/nZcQCN5
/ceTmC9zjk9jsYA5oHJeBP11R1ApH05yTE3fybw4C/7a
-----END RSA PRIVATE KEY-----

Key format

* The key must start with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----. They are indispensable to the key.

* Each row of the key body contains 64 characters, and the last row can contain fewer than 64 characters.
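
The format rules above, together with the combined server-plus-intermediate certificate field described under "Upload a custom certificate", can be checked before pasting into the console. The following Python check is an added example, not part of the Kingsoft Cloud documentation; its function names are hypothetical, its samples are constructed bytes rather than real certificates or keys, and the DER SEQUENCE test goes slightly beyond the rules the page states.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----", re.S)

def lint_pem(text, expected_label):
    """Return the problems found in one pasted PEM field (empty list = OK)."""
    blocks = PEM_RE.findall(text)
    if not blocks:
        return ["no BEGIN/END block found"]
    problems = []
    for n, (begin, body, end) in enumerate(blocks, 1):
        if begin != end:
            problems.append(f"block {n}: BEGIN {begin} closed by END {end}")
        if begin != expected_label:
            problems.append(f"block {n}: label is {begin}, expected {expected_label}")
        rows = body.splitlines()
        for i, row in enumerate(rows, 1):
            if re.search(r"[^A-Za-z0-9+/=]", row):
                problems.append(f"block {n} row {i}: non-base64 character")
            elif len(row) > 64 or (len(row) < 64 and i < len(rows)):
                problems.append(f"block {n} row {i}: {len(row)} characters")
        try:
            der = base64.b64decode("".join(rows), validate=True)
        except ValueError:
            problems.append(f"block {n}: body does not decode as base64")
            continue
        if not der.startswith(b"\x30"):  # DER certificates and RSA keys are SEQUENCEs
            problems.append(f"block {n}: decoded body is not a DER SEQUENCE")
    return problems

def wrap(label, der, width=64):
    """Build a PEM block from raw bytes (used only for the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"])

# Constructed samples: arbitrary bytes behind a SEQUENCE tag, not real certificates or keys.
SERVER = wrap("CERTIFICATE", b"\x30\x81\xc8" + bytes(range(200)))
INTERMEDIATE = wrap("CERTIFICATE", b"\x30\x81\xc8" + bytes(range(55, 255)))
CHAIN = SERVER + "\n" + INTERMEDIATE  # server certificate first, then the intermediate
PKCS8_KEY = wrap("PRIVATE KEY", b"\x30\x81\xc8" + bytes(range(200)))  # not the RSA label
WIDE = wrap("CERTIFICATE", b"\x30\x81\xc8" + bytes(range(200)), width=76)
lines = SERVER.splitlines()
lines[2] = lines[2][:38] + " " + lines[2][38:]  # stray space from copy and paste
SPACED = "\n".join(lines)

if __name__ == "__main__":
    for name, text, label in [("chain", CHAIN, "CERTIFICATE"), ("spaced", SPACED, "CERTIFICATE"),
                              ("wide", WIDE, "CERTIFICATE"), ("pkcs8", PKCS8_KEY, "RSA PRIVATE KEY")]:
        print(name, lint_pem(text, label) or "OK")
```

The check covers only the text format. It does not verify that the private key belongs to the certificate or that the chain is in the right order.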

Convert a non-PEM certificate to a PEM certificate

Kingsoft Cloud CDN supports only PEM certificates. If you want to use a certificate in another format, you must convert the certificate to the PEM format before you upload the certificate. You can convert a certificate by using the OpenSSL tool.

Convert a DER certificate to a PEM certificate

Generally, a DER certificate is used on the Java platform.

  • Convert the certificate

    openssl x509 -inform der -in dercert.cer -out cert.pem

  • Convert the private key

    openssl rsa -inform DER -outform PEM -in derprivatekey.der -out privatekey.pem

Convert a P7B certificate to a PEM certificate

Generally, a P7B certificate is used on a Windows server or Tomcat server.

  • Convert the certificate

    openssl pkcs7 -print_certs -in p7bcert.p7b -out cert.cer

    Copy everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----, inclusive, from cert.cer and upload that content as the certificate.

  • Convert the private key

    None. A P7B file contains only certificates, so there is no private key to convert.

Convert a PFX certificate to a PEM certificate

Generally, a PFX certificate is used on a Windows server.

  • Convert the certificate

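    openssl pkcs12 -in pfxcert.pfx -nokeys -out cert.pem

  • Convert the private key

    openssl pkcs12 -in pfxcert.pfx -nocerts -nodes -out privatekey.pem

Note:

The -nodes option writes the private key to privatekey.pem without passphrase encryption. Restrict access to that file.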