Uploading a Certificate

This section describes how to upload a certificate.

Prerequisites

Login credentials have been obtained.

Procedure

  1. Log in to the management console.

  2. Click image1 in the upper left corner of the management console and select a region or project.

  3. Choose Security > Web Application Firewall.

  4. In the navigation pane, choose Certificates. The Certificates page is displayed, as shown in Figure 1.

    **Figure 1** Certificates

    Figure 1 Certificates

    Note

    In the upper part of the certificate list, click Quota details to view the certificate quota.

  5. In the upper right corner of the displayed page, click Upload Certificate. In the displayed Upload Certificate dialog box, enter the certificate name and paste the certificate file and private key to the corresponding text boxes. Figure 2 shows an example.

    **Figure 2** Uploading a certificate

    Figure 2 Uploading a certificate

    Note

    • In the Upload Certificate dialog box, click Quota details to view the certificate quota.

    • WAF encrypts and saves the private key to keep it safe.

    • For details about the combination sequence of a certificate chain, see How Do I Fix an Incomplete Certificate Chain?

    Currently, only .pem certificates are supported. If the certificate is not in .pem format, convert it into a .pem certificate by referring to Table 1 before uploading.

    Table 1 Certificate conversion commands

    Format

    Usage (Using OpenSSL)

    CER/CRT

    Rename the cert.crt certificate file to cert.pem.

    PFX

    • Obtain a private key. For example, run the following command to convert cert.pfx into cert.key:

      openssl pkcs12 -in cert.pfx -nocerts -out cert.key -nodes

    • Obtain a certificate. For example, run the following command to convert cert.pfx into cert.pem:

      openssl pkcs12 -in cert.pfx -nokeys -out cert.pem

    P7B

    1. Convert a certificate. For example, run the following command to convert cert.p7b into cert.cer:

      openssl pkcs7 -print_certs -in cert.p7b -out cert.cer

    2. Rename certificate file cert.cer to cert.pem.

    DER

    • Obtain a private key. For example, run the following command to convert **privatekey.der** into privatekey.pem:

      openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem

    • Obtain a certificate. As an example, run the following command to convert cert.cer into cert.pem:

      openssl x509 -inform der -in cert.cer -out cert.pem

  6. Click OK.

    Note

    • If the number of uploaded certificates reaches the upper limit, delete the certificates that are not associated with any domain names by referring to Deleting a Certificate and then upload a certificate again.

    • To modify a certificate name, click image2 next to the target certificate name in the Certificate Name column.

last updated: 2024-04-24 00:03