Edge Acceleration
  • Site Acceleration
    • Overview
    • Access Control
      • Token authentication
        • Token Authentication
        • Authentication Method A
        • Authentication Method B
        • Authentication Method C
        • Authentication Method D
        • Authentication Method V
    • Smart Acceleration
    • Cache configuration
      • Overview
      • EdgeOne caching rules introduction
        • Content Cache Rules
        • Cache Key Introduction
        • Vary Feature
      • Cache Configuration
        • Custom Cache Key
        • Node Cache TTL
        • Status Code Cache TTL
        • Browser Cache TTL
        • Offline Caching
        • Cache Prefresh
      • Clear and Preheat Cach
        • Cache Purge
        • URL Pre-Warming
        • Prefetch M3U8
      • How to improve the Cache Hit Rate of EdgeOne
    • File Optimization
      • Content Compression
      • Smart Compression
    • Network Optimization
      • HTTP/2
      • HTTP/3(QUIC)
        • Overview
        • Enable HTTP/3
        • QUIC SDK
          • SDK Overview
          • SDK Download and Integration
          • Sample Code
            • Android
            • iOS
          • API Documentation
            • Android
            • iOS
      • IPv6 Access
      • Maximum Upload Size
      • WebSocket
      • Client IP Geolocation Header
      • Client IP Geographical Location
      • gRPC
      • Network Error Logging
    • URL Rewrite
      • Access URL Redirection
      • Origin-Pull URL Rewrite
    • Modifying Header
      • Modifying HTTP Response Headers
      • Modifying HTTP Request Headers
    • Modify response content
      • HTTP Response
      • Custom Error Page
    • Rules Engine
      • Overview
      • Rule Management
      • variables
      • Supported Matching Types and Actions
    • Image and video processing
      • Audio and Video Pre-pulling
      • Just-in-Time Image Processing
      • Video Just-In-Time Processing
      • VOD Media Origin
    • Speed limit for single connection download
    • Request and Response Actions
      • HTTP Response
      • Processing order
      • Default HTTP Headers of Origin-Pull Requests
      • Default HTTP Response Headers
      • HTTP Restrictions
    • Media Services
      • Audio and Video Pre-pulling
      • Just-in-Time Image Processing
      • Just-in-Time Media Processing
      • VOD Media Origin
  • L4 Proxy
    • Overview
    • Creating an L4 Proxy Instance
    • Modifying an L4 Proxy Instance
    • Disabling or Deleting an L4 Proxy Instance
    • Batch Configuring Forwarding Rules
    • Obtaining Real Client IPs
      • Obtaining Real TCP Client IPs via TOA
      • Obtaining Real Client IPs Through Protocol V1/V2
        • Overview
        • Method 1: Obtaining Real Client IPs Through Nginx
        • Method 2: Parsing Real Client IPs on Application Server
        • Format of Real Client IPs Obtained Through Proxy Protocol V1/V2
      • Transmitting Client Real IP via SPP Protocol
  • Domain name service and origin server configuration
    • Domain Name Services
      • Overview
      • DNS resolution for managed domains
        • Modifying DNS Servers
        • Configuring DNS Records
        • Batch Importing DNS Records
        • Advanced DNS Configuration
      • Access accelerated domains
        • Adding A Domain Name for Acceleration
        • Ownership Verification
        • Modifying CNAME Records
        • Verify Business Access
      • Traffic scheduling
        • Traffic Scheduling Management
    • HTTPS Certificate
      • Overview
      • Edge HTTPS Certificate
        • Overview
        • Deploying/Updating SSL Certificate for A Domain Name
        • Configuring A Free Certificate for A Domain Name
        • Using Keyless Certificate
      • Edge mTLS Authentication
      • Origin Certificate Validation
      • HTTPS configuration
        • Forced HTTPS Access
        • Enabling HSTS
        • SSL/TLS security configuration
          • Configuring SSL/TLS Security
          • TLS Versions and Cipher Suites
        • Enabling OCSP Stapling
      • Related References
        • Using OpenSSL to Generate Self-Signed Certificates
        • Certificate Format Requirements
        • The Difference Between one-way authentication and Mutual authentication
    • Origin Configuration
      • Load Balancing
        • Overview
        • Quickly Create Load Balancers
        • Health Check Policies
        • Viewing the Health Status of Origin Server
        • Related References
          • Load Balancing-Related Concepts
          • Introduction to Request Retry Strategy
      • Origin Group Configuration
      • Origin configuration
        • Origin-Pull Timeout
        • Configuring Origin-Pull HTTPS
        • Host Header Rewrite
        • Controlling Origin-pull Requests
        • Redirect Following During Origin-Pull
        • HTTP/2 Origin-Pull
        • Range GETs
        • Modify Origin
        • Origin-pull Rate Limiting Policy
      • Origin Protection(Obtaining/Updating Origin IP Address Range)
      • Related References
        • ld Version Origin Group Compatible Related Issues
Docs Overview/
Edge Acceleration/
Domain name service and origin server configuration/
HTTPS Certificate/
Edge HTTPS Certificate/
Deploying/Updating SSL Certificate for A Domain Name/

Deploying/Updating SSL Certificate for A Domain Name

This document describes how to deploy or update a self-owned certificate for a domain name via the EdgeOne console and the SSL console.

Deploying Certificate

Prerequisite

Purchase an SSL certificate in the SSL Certificate Service console, or upload a self-owned certificate and manage it in SSL.

Scenario 1: Configuring A Self-Owned Certificate via the EdgeOne Console

You can manage and use a self-owned certificate via the EdgeOne console as instructed below.
1. Log in to the Tencent Cloud EdgeOne console, enter Service Overview in the left menu bar, and click the site to be configured under Website Security Acceleration.
2. In the left sidebar, click Domain Name Service > Domain Management.
3. In the domain name list that appears, find the domain name for which the managed SSL certificate is to be configured and click Edit in the HTTPS column of the domain name.
4. Locate the Edge HTTPS configuration card and click Configure.
5. In the certificate type, select managed SSL certificate, which will automatically display the current deployable certificate list for that domain name. Select the associated certificate ID, click Confirm, and the certificate configuration will be deployed.



Note:
Up to one ECC, one RSA, and one national secret SM2 encryption algorithm certificate can be deployed to the same domain.
6. In the domain name list, hover over the icon before Configured in the record of the target domain name, and you can see the information of the deployed certificate.




Scenario 2: Batch Certificate Configuration through EdgeOne console

If your certificate is a multi-domain or wildcard domain name certificate, and you expect to select multiple domain names in EdgeOne and deploy the same certificate to reduce the operation of configuring the same certificate for multiple different domain names, then batch configuration of certificates is suitable for this scenario. The specific operation steps are as follows:
1. Log in to the Tencent Cloud EdgeOne console, enter Service Overview in the left menu bar, and click the site to be configured under Website Security Acceleration.
2. In the left navigation bar, click Domain Name Service > Domain Management.
3. On the Domain Management page, click Batch Configuration of Certificate, and in the steps of batch configuration certificate, select the certificate to be configured.



4. Click Next to enter the domain name configuration step. Select the domain names to be deployed in batches, and click Complete to issue the certificate deployment.
Note:
1. Up to 100 domain names can be selected at once. If the certificate needs to be deployed to more than 100 domain names, please operate in batches.
2. If you need to quickly filter out domain names that have already deployed this certificate, please check: Show only domain names that have not deployed this certificate.




Updating the Certificate

Note:
If your certificate is self-owned and uploaded to SSL certificate hosting, when it needs to be updated, you need to re-upload the new certificate content to the SSL Certificate Service console. You can also refer to Certificate deployment for redeployment to update.
If you have purchased an SSL certificate in the SSL Certificate Service console, you enable certificate hosting to implement automatic renewal and updates. You can refer to: Certificate Hosting.
To update a certificate in the EdgeOne console, for example: the current domain has a configured RSA certificate and an ECC Certificate, and the RSA certificate needs to be updated, see the following procedure:
1. Log in to the Tencent Cloud EdgeOne console, enter Service Overview in the left menu bar, and click the site to be configured under Website Security Acceleration.
2. In the left navigation bar, click Domain Name Service > Domain Management.
3. On the domain management list webpage, select the domain name for managed SSL certificate configuration, then click Edit in the HTTPS column to pop up the HTTPS certificate configuration.
4. Locate the Edge HTTPS configuration card and click Configure.
5. In the setting method, select managed SSL certificate, which will automatically display the current deployable certificate list for that domain name. When updating the certificate, since only one cert per algorithm can be deployed, you need to first deselect the old certificate, and then select the new certificate. Select it, then click Confirm, and the certificate configuration will be deployed.