Managing Certificates

Cloud Load Balancer

Release Notes and Announcements

CLB Release Notes

[January 01, 2025] Announcement for Launch of CLB Resource Packages

[April 15, 2024] Domain Name Upgrade for Domain Name-based Public Network CLB

[July 25, 2023] Adding Rate Limits on Shared CLB Instances

[July 3, 2023] CLB API Authentication Upgrade

[June 9, 2023] Adjusting the Grace Period for Pay-as-you-go CLB Instances

[March 6, 2023] Launching Domain Name-Based Public CLBs

[Feb. 24, 2023] Changing Health Check Source IP to 100.64.0.0/10 IP Range

Product Introduction

Product Comparison

Instance Types Comparison

Instance Specifications Comparison

Purchase Guide

Billing

Cross-region Binding Fee

CLB Resource Package

CLB Resource Package Overview

Purchasing CLB Resource Packages

CLB Resource Package Refund Policy

CLB Resource Package Renewal

Purchase Methods

Payment Overdue

Product Attribute Selection

Getting Started

Getting Started with Domain Name-Based CLB

Getting Started with CLB

Getting Started with IPv6 CLB

Deploying Nginx on CentOS

Deploying Java Web on CentOS

Operation Guide

CLB Instance

Directions for Upgrading to Domain Name-Based CLB

Creating CLB Instances

Creating an IPv6 CLB Instance

Creating IPv6 NAT64 CLB Instances

Configure CLB Forwarding Domain Name

Configuring CLB Security Group

Binding Private Network CLB to EIP

Enabling or Disabling a CLB Instance

Cloning CLB Instances

Exporting CLB Instances

Upgrade to a LCU-supported instances

Adjusting Specification of LCU-supported CLBs

Deleting CLB Instances

Releasing Idle CLB Instances

Configuring Deletion Protection

Adjusting Instance Public Network Configurations

CLB Listener

CLB Listener Overview

Configuring TCP Listener

Configuring a UDP Listener

Configuring TCP SSL Listener

Configuring a QUIC Listener

Configuring an HTTP Listener

Configuring HTTPS Listener

Load Balancing Methods

Session Persistence

Layer-7 Redirection Configuration

Layer-7 Custom Configuration

Layer-7 Domain Name Forwarding and URL Rules

Using QUIC Protocol on CLB

SNI Support for Binding Multiple Certificates to a CLB Instance

Configuring gRPC Support for Layer-7 Protocols

Real Server

Real Server Overview

Managing Real Servers

Binding an ENI

Binding with SCF

Cross-Region Binding 2.0 (New)

Hybrid Cloud Deployment

Configuring CVM Security Groups

Health Check

Health Check Overview

Configuring Health Check

Setting 100.64.0.0/10 IP ‍Range as the Health Check IP

Verifying Health Check Source IPs

Certificate Management

Managing Certificates

Certificate Requirements and Certificate Format Conversion

SSL One-way Authentication and Mutual Authentication

Log Management

Access Log Overview

Viewing Operation Logs

Configuring Access Logs

Sampling Logs

Configuring Health Check Logs

Accessing Log Dashboard

Monitoring and Alarm

Obtaining Monitoring Data

Monitoring Metrics

Configuring Alarm Policy

Alarming Metric Descriptions

Cloud Access Management

Overview

Authorization Definition

Policy Examples

Classic CLB

Classic CLB Overview

Configuring Classic CLB

Managing Real Servers of Classic CLB Instances

Practical Tutorial

Enabling Gzip Compression & Testing

HTTPS Forwarding Configurations

Obtaining Real Client IPs

Obtaining Real Client IPs in IPv4 CLB Scenarios

Obtaining Real Client IPs via TOA in Hybrid Cloud Deployment

Best Practices for Configuring Load Balancing Monitoring Alerts

Implementing HA Across Multiple AZs

Load Balancing Algorithm Selection and Weight Configuration Examples

Configuring WAF protection for CLB listening domain names

Configure IAP to authenticate web access to the CLB domain and path

Configure IAP to authenticate programmatic access to CLB's domain and path

Ops Guide

Solution to Excessive Clients in TIME_WAIT Status

Load Balancer HTTPS Service Performance Test

Stress Testing FAQ

CLB Certificate Operation Permissions

Troubleshooting

UDP Health Check Exception

API Documentation

History

Introduction

API Category

Instance APIs

DescribeLoadBalancers

CloneLoadBalancer

CreateLoadBalancer

ModifyLoadBalancerAttributes

DescribeLoadBalancersDetail

Listener APIs

ModifyDomainAttributes

DeleteListener

DeleteLoadBalancerListeners

Backend Service APIs

BatchModifyTargetWeight

DeregisterTargets

BatchDeregisterTargets

DescribeTargetHealth

DeregisterFunctionTargets

DescribeCrossTargets

ModifyFunctionTargets

RegisterFunctionTargets

Target Group APIs

DescribeTargetGroupList

ModifyTargetGroupAttribute

AssociateTargetGroups

DisassociateTargetGroups

RegisterTargetGroupInstances

DeregisterTargetGroupInstances

DescribeTargetGroupInstances

ModifyTargetGroupInstancesPort

ModifyTargetGroupInstancesWeight

Redirection APIs

Other APIs

CreateLoadBalancerSnatIps

DeleteLoadBalancerSnatIps

DescribeLoadBalancerListByCertId

DescribeQuota

ModifyLoadBalancersProject

ReplaceCertForLoadBalancers

SetLoadBalancerClsLog

SetLoadBalancerSecurityGroups

SetLoadBalancerStartStatus

SetSecurityGroupForLoadbalancers

CreateClsLogSet

CreateTopic

DescribeLoadBalancerTraffic

DescribeResources

DescribeTaskStatus

InquiryPriceCreateLoadBalancer

InquiryPriceModifyLoadBalancer

InquiryPriceRenewLoadBalancer

Classic CLB APIs

DescribeClassicalLBListeners

DescribeClassicalLBTargets

DescribeClassicalLBHealthStatus

RegisterTargetsWithClassicalLB

DeregisterTargetsFromClassicalLB

DescribeClassicalLBByInstanceId

MigrateClassicalLoadBalancers

Making API Requests

Load Balancing APIs

DescribeCustomizedConfigList

DescribeIdleLoadBalancers

DescribeLBListeners

SetCustomizedConfigForLoadBalancer

DescribeCustomizedConfigAssociateList

DescribeLoadBalancerOverview

InquiryPriceRefundLoadBalancer

ModifyLoadBalancerSla

CLB API 2017

Making API Requests

Request Structure

Request Structure Overview

Common Request Parameters

API Request Parameters

Returned Results

Response Format for Asynchronous Task APIs

Response Structure

Sample Codes

General APIs

DescribeLoadBalancersTaskResult

CreateLoadBalancer

InquiryLBPriceAll

DescribeLoadBalancers

DeleteLoadBalancers

GetMonitorData

ReplaceCert

GetCertListWithLoadBalancer

DescribeLoadBalancerLog

CloneLB

Classic CLB APIs

APIs for CLB Instances

ModifyLoadBalancerAttributes

APIs for Listeners

Create CLB Listeners

DescribeLoadBalancerListeners

DeleteLoadBalancerListeners

ModifyLoadBalancerListener

DescribeLoadBalancerListeners

CLB Real Server APIs

RegisterInstancesWithLoadBalancer

DescribeLoadBalancerBackends

ModifyLoadBalancerBackends

DeregisterInstancesFromLoadBalancer

APIs for Health Check

DescribeLBHealthStatus

FAQs

Billing

CLB Configuration

Troubleshooting Health Check Issues

Troubleshooting Health Check Issues v2

HTTPS

WS/WSS Protocol Support

HTTP/2 Protocol Support

Default Domain Name Blocking Prompt

Service Level Agreement

Glossary

DocumentationCloud Load BalancerOperation Guide Certificate ManagementManaging Certificates

Managing Certificates

Download PDF

Last updated: 2024-01-04 14:34:05

Managing Certificates

Last updated: 2024-01-04 14:34:05

Download PDF

When configuring an HTTPS listener of a CLB instance, you can directly use a certificate in SSL Certificate Service or upload the third-party server certificate and SSL certificate that you require to the CLB console.
Certificate Requirements
CLB supports only certificates in PEM format. Before uploading a certificate, make sure that your certificate, certificate chain, and private key meet the format requirement. For information about the certificate requirements, see Certificate Requirements and Certificate Format Conversion.
Certificate Encryption Algorithms
CLB supports the following algorithms for certificate encryption: ECC and RSA. For more information about the algorithms, see What are the differences between RSA and ECC?.
Note:
You can configure two certificates that use different algorithms in SSL parsing for HTTPS listeners. For more information, see Configuring an HTTPS Listener.﻿
Listener Type
Supported Encryption Algorithm When Configuring One Certificate
Supported Encryption Algorithms When Configuring Two Certificates
HTTPS
RSA or ECC
RSA and ECC
TCP_SSL, QUIC
RSA or ECC
Does not support configuring two certificates that use different encryption algorithms.
TCP, UDP, HTTP
Does not support configuring certificates.
Does not support configuring certificates.
Configuring Certificates
There are two types of certificate configuration for an HTTPS listener:
Listener-level certificate configuration: If SNI is not enabled, the same certificate is configured for all domain names under the listener. For more information, see Configuring an HTTPS Listener.
Domain name-level certificate configuration: If SNI is enabled, different certificates can be configured for different domain names under the listener. For more information, see SNI Support for Binding Multiple Certificates to a CLB Instance.
Updating Certificates
To prevent certificate expiration from affecting your service, please update your certificate before it expires.
Note:
After a certificate is updated, the system does not delete the legacy certificate but generates a new one. The certificate will be automatically updated for all CLB instances that use it.
1. Log in to the CLB console.
2. Click Certificate management in the left sidebar.
3. In the certificate list, click Update in the Operation column of the target certificate.
4. In the pop-up window, enter the content and key of the new certificate and click Submit.
﻿
Viewing CLB Instances Associated with a Certificate
1. Log in to the CLB console.
2. Click Certificate management in the left sidebar.
3. In the certificate list, click the ID of the target certificate.
4. On the Basic information page, view the CLB instances associated with the certificate.
﻿
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Listener Type	Supported Encryption Algorithm When Configuring One Certificate	Supported Encryption Algorithms When Configuring Two Certificates
HTTPS	RSA or ECC	RSA and ECC
TCP_SSL, QUIC	RSA or ECC	Does not support configuring two certificates that use different encryption algorithms.
TCP, UDP, HTTP	Does not support configuring certificates.	Does not support configuring certificates.

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service free trial

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

E-commerce

E-commerce retail solutions

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Financial Services

Financial Services Solution

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha

Cloud Workload Protection Platform

Data Security Governance Center

Key Management Service