Overview
An HTTPS certificate (also known as an SSL/TLS certificate) is a digital certificate issued by a trusted certificate authority (CA), and is used to verify the identity of a website and enable encrypted connections. It uses the SSL/TLS protocol to establish a secure channel between the client (such as a browser) and the server, ensuring the confidentiality (anti-eavesdropping), integrity (anti-tampering), and authenticity (anti-spoofing) of data transmission. The certificate contains the website's public key, domain name, CA information, and validity period. When you use Global Accelerator to create an HTTPS listener, you need to upload and manage the certificate.
Authentication Mode
You can select the HTTPS authentication mode for the Global Accelerator listener instance as needed. Both one-way authentication and mutual authentication are supported, and the core difference between them lies in the direction and strictness of identity authentication.
One-way authentication: The client verifies the server's identity, but the server does not verify the client's. In this authentication mode, you only need to upload the server certificate to Global Accelerator. This mode is suitable for public services such as ordinary website browsing and e-commerce platforms. Users do not need to pre-configure certificates.
Mutual authentication: The client and the server verify each other's identities. In this authentication mode, you need to upload both the server certificate and the client certificate to Global Accelerator. This mode is suitable for scenarios with high-security requirements, such as enterprise private networks, financial systems, and medical data exchange. Only clients holding legitimate certificates are allowed to access.
Item | One-way authentication | Mutual authentication |
Verifier | Only the client verifies the server. | Both parties verify each other. |
Client certificate | Not required | Configuration required. |
Security | Moderate (anti-eavesdropping and anti-tampering). | Higher (anti-spoofing and anti-MITM (Man-in-the-Middle) attacks). |
Complexity | Simple configuration. You only need to upload the server certificate. | You need to upload both the server certificate and the client certificate. |
Typical application | Ordinary websites. | Banking systems and internal APIs. |
Certificate Type
There are three certificate types: default server certificate, custom server certificate, and CA certificate. You only need to upload and manage a CA certificate when you select mutual authentication as the authentication mode.
Certificate Type | Description |
Default server certificate | The default certificate is the server certificate uploaded when a listener is created. When a client request does not match any custom server certificate, Global Accelerator returns the default certificate for HTTPS authentication. The default certificate can only be replaced; it cannot be deleted, and no additional default certificate can be added. One HTTPS listener has exactly one default certificate. |
Custom server certificate | When you need to use a Global Accelerator instance to accelerate multiple HTTPS domain names, you can add multiple custom certificates to the listener, with each certificate corresponding to a different domain name. Note: A custom certificate can be replaced. The domain name of the replacement certificate must be consistent with the domain name of the certificate it replaces. Otherwise, the replacement cannot be completed. |
CA certificate | When you select mutual authentication as the authentication mode, in addition to the server certificate, you also need to upload the CA certificate used to verify the legitimacy of the client's identity. The CA certificate can only be replaced; it cannot be deleted, and no additional CA certificate can be added. One HTTPS listener has exactly one CA certificate. |
Associated Domain Name
Global Accelerator supports adding multiple domain name certificates for one HTTPS listener to achieve flexible management during multi-domain name acceleration. When adding a custom server certificate, you need to create an association between the certificate and the domain name. After the association is created, Global Accelerator will return the corresponding certificate based on the domain name of the client request. If no domain name contained in the custom certificate is matched, the default certificate will be returned.
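The selection and fallback rule described above, modelled as an added example (not Global Accelerator's own code) that audits which certificate each accelerated hostname would receive and whether a client's hostname check would accept it. The certificate names, domains, and the exact, case-insensitive matching of associated domains are assumptions made for illustration.

```python
# Added example (not Global Accelerator code); all names and domains are constructed.
from dataclasses import dataclass, field

@dataclass
class Cert:
    name: str
    san: list  # DNS names in the certificate's subjectAltName

@dataclass
class Listener:
    default: Cert                               # exactly one default certificate
    custom: dict = field(default_factory=dict)  # associated domain -> custom Cert

def norm(host):
    return host.rstrip(".").lower()

def select(listener, sni):
    """Return (certificate, fell_back_to_default) for a requested domain.
    Assumption: associated domains are matched exactly, ignoring case."""
    table = {norm(d): c for d, c in listener.custom.items()}
    cert = table.get(norm(sni))
    return (cert, False) if cert is not None else (listener.default, True)

def covers(cert, host):
    """Client-side name check: exact SAN match, or a '*.' wildcard that
    stands for exactly one left-most label."""
    host = norm(host)
    for pattern in map(norm, cert.san):
        wild = pattern.startswith("*.") and "." in host
        if pattern == host or (wild and host.split(".", 1)[1] == pattern[2:]):
            return True
    return False

def audit(listener, hosts):
    """Map each hostname to (certificate served, default used, client check ok)."""
    report = {}
    for h in hosts:
        cert, fell_back = select(listener, h)
        report[h] = (cert.name, fell_back, covers(cert, h))
    return report

LISTENER = Listener(
    default=Cert("default-cert", ["www.example.com"]),
    custom={"api.example.com": Cert("api-cert", ["api.example.com"]),
            "shop.example.net": Cert("shop-cert", ["*.example.net"])},
)
if __name__ == "__main__":
    for host, row in audit(LISTENER, ["pay.example.net", "API.example.com."]).items():
        print(host, row)
```

In this model `pay.example.net` is covered by the wildcard certificate but has no association of its own, so the default certificate is returned and the client's name check fails. Any hostname reported with the default certificate and a failed check needs its own association or a default certificate that covers it.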
Uploading Certificates
Prerequisites
You have completed the creation of a Global Accelerator instance and an HTTPS listener.
Directions
2. On the instance list page, click the target Instance ID and go to the instance details page.
3. Click the listener ID in the listener tab and go to the listener details page.
4. Click Certificate Management and go to the certificate management tab.
5. Click Add Certificate to add a certificate and complete the configuration in the pop-up window.
Configuration Item | Description |
Certificate Type | The type of the added certificate. Only custom server certificates can be added. |
Certificate | Select the certificate to be added. You can manage the certificates in a unified way in the SSL console. |
Associated Domain Name | The domain name contained in a server certificate. Global Accelerator will return the corresponding certificate based on the domain name of the client request. |
Replacing a Certificate
2. On the instance list page, click the target Instance ID and go to the instance details page.
3. Click the listener ID in the listener tab and go to the listener details page.
4. Click Certificate Management and go to the certificate management tab.
5. Click Replacement on the right of an existing certificate to replace the certificate.
Note:
When you replace a custom server certificate, the domain name of the new certificate that replaces the old one should be consistent with the domain name of the old one. Otherwise, the replacement cannot be completed. When you replace the default certificate or the CA certificate, domain name consistency is not required.
Deleting Certificates
2. On the instance list page, click the target Instance ID and go to the instance details page.
3. Click the listener ID in the listener tab and go to the listener details page.
4. Click Certificate Management and go to the certificate management tab.
5. Click Delete on the right of an existing custom server certificate.
6. In the pop-up window, click Confirm to complete the deletion.