Overview
The HTTPS protocol is a network protocol built based on the SSL and HTTP protocols for encrypted transfer and authentication, which is more secure than the HTTP protocol. If you want to enable HTTPS acceleration, you can do so by enabling the HTTPS feature for the playback domain name and configuring a correct and valid certificate. You can purchase a certificate from Tencent Cloud SSL Certificate Service. If you already have one, you can upload it to the CSS console for configuration. Currently, CSS only supports the PEM format. If your certificate is in another format, you need to convert it to PEM format first. The format requirements and configuration method for the certificate are as follows: Prerequisites
Directions
Step 1. Edit the HTTPS configuration
1. Enter Domain Management and click the playback domain name to be configured or Manage on the right to enter the domain name details page. 2. Select Advanced Configuration > HTTPS Configuration, then click to enable the HTTPS service. 3. After enabling the HTTPS service, enter the HTTPS Configuration page and proceed with the following settings:
4. Select the source of the certificate to be configured, enter relevant information, and click Save.
|
Self-owned certificate | Certificate Name: enter a custom name used to identify the certificate. Certificate Content: enter the content of the .crt file for Nginx. For more information, please see Certificate content. Private Key Content: enter the content of the .key file for Nginx. For more information, please see Certificate key. |
Tencent Cloud-hosted certificate | |
Note:
The HTTPS feature will take effect approximately 2 hours after configuration is completed, please be patient.
Certificate Description
A certificate provided by the CA includes Apache, IIS, Nginx, and Tomcat files. The encryption service of CSS uses Nginx, so you should select the content of the Nginx files for the configuration. Go to SSL Certificate Service console > Certificate Management, select the target certificate, click Download in the "Operation" column, and decompress the downloaded package to get the following files: enter the entire content between -----BEGIN CERTIFICATE-----
and -----END CERTIFICATE-----
in the .crt
file for Nginx.
Sample content:
Note:
If your certificate is issued by an intermediate CA and contains multiple certificates, the certificate content should be spliced as follows:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Certificate
private key: enter the entire content between -----BEGIN RSA PRIVATE KEY-----
and -----END RSA PRIVATE KEY-----
in the .key
file for Nginx.
Sample content:
Step 2. Verify the configuration
The HTTPS configuration will take effect in about 2 hours. Please visit the domain name about 2 hours after the certificate is submitted. If HTTPS is displayed in the address bar of the browser, the configuration is successful.
Step 3. Modify the configuration
The HTTPS feature can be enabled and disabled. Once it is disabled, CSS will no longer provide HTTPS service for the domain name. If the certificate has expired, it should be replaced with a new valid one.
FAQs
Was this page helpful?