ApsaraVideo Live supports HTTPS for accelerated content delivery. You can upload a custom certificate or deploy a certificate from Certificate Management Service to Alibaba Cloud CDN to enable HTTPS acceleration and end-to-end data encryption.
Background
Certificate types vary by validation level, each offering different security guarantees for different website types. For more information, see What is Certificate Management Service?.
ApsaraVideo Live supports only PEM-format certificates. If your certificate is in a different format, you must convert it first. For more information, see Convert certificate formats.
-
The .crt file extension stands for certificate. A .crt file can be in either PEM or Distinguished Encoding Rules (DER) format. Verify whether format conversion is necessary before proceeding.
-
A PEM file is a text-based format that starts with -----BEGIN *----- and ends with -----END *-----. The content between these lines is Base64-encoded. This format can store both a certificate and its private key. A PEM-formatted private key typically uses the .key file extension.
Prerequisites
-
If you already have an HTTPS certificate, make sure it meets the format requirements. For more information, see Certificate format requirements.
-
If you need to purchase a certificate, you can apply for a free or paid certificate in the Certificate Management Service console.
Configure or update an HTTPS certificate
Log on to the ApsaraVideo Live console.
-
In the left-side navigation pane, choose .
-
On the Certificates page, click Add Certificate.
On the Add Certificate page, configure the certificate parameters:
-
Select a certificate, configure the following parameters, and then click Next.
Parameter
Description
Certificate Type
Certificate Management Service is selected by default.
Certificate Name
Select your certificate from the drop-down list.
Certificate (Public Key)
The system automatically populates the public key after you select a certificate.
Private Key
The system automatically populates the private key, but it is not displayed for security.
-
Associate the certificate with the matching domain name.
Note-
If the domain name already has a certificate, the new certificate overwrites the existing one.
-
You can deploy and update certificates for multiple domain names in batches.
-
-
Click OK to complete the certificate deployment and update.
-
Query certificates
On the Certificates page, you can view certificate details, including the Accelerated Domain Name, Certificate Name, and Certificate Status.
|
Certificate Status |
Description |
|
Normal |
The certificate is valid for the domain name. |
|
Not Matched |
The domain name does not match the certificate. You must update the certificate immediately. For more information, see Configure or update an HTTPS certificate. |
|
Pending Expiration |
The certificate is about to expire. You must renew it promptly. For more information, see Renew and manage an expiring SSL certificate. |
|
Expired |
The certificate has expired. You can update the expired certificate. For more information, see Configure or update an HTTPS certificate. |
Verify the HTTPS configuration
The updated HTTPS certificate takes effect across the network in about one minute. To verify, access your domain over HTTPS, such as https://example.com. A lock icon in your browser's address bar confirms that HTTPS is working.