Uploading a Certificate¶
If you select HTTPS for Client Protocol when you add a website to WAF, a certificate must be associated with the website.
You can upload a certificate to WAF. Then you can directly select the uploaded certificate for the protected website.
Prerequisites¶
You have obtained the certificate file and certificate private key.
Specification Limitations¶
You can upload as many certificates in WAF as the number of domain names that can be protected by your WAF instances in the same account.
Constraints¶
If you import a new certificate when adding a protected website or updating a certificate, the certificate is added to the certificate list on the Certificates page, and the imported certificates is counted in the number of created certificates.
Application Scenario¶
If you select HTTPS for Client Protocol, a certificate is required.
Procedure¶
Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner and choose Web Application Firewall under Security.
In the navigation pane, choose Certificates.
Click Upload Certificate.
In the Upload Certificate dialog box, enter a certificate name, and copy the certificate file and private key into the corresponding text boxes.
Only .pem certificates can be used in WAF. If the certificate is not in .pem format, convert it into .pem locally by referring to Table 1 before uploading it.
¶ Format
Conversion Method
CER/CRT
Rename the cert.crt certificate file to cert.pem.
PFX
Obtain a private key. For example, run the following command to convert cert.pfx into key.pem:
openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes
Obtain a certificate. For example, run the following command to convert cert.pfx into cert.pem:
openssl pkcs12 -in cert.pfx -nokeys -out cert.pem
P7B
Convert a certificate. For example, run the following command to convert cert.p7b into cert.cer:
openssl pkcs7 -print_certs -in cert.p7b -out cert.cer
Rename certificate file cert.cer to cert.pem.
DER
Obtain a private key. For example, run the following command to convert **privatekey.der** into privatekey.pem:
openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem
Obtain a certificate. For example, run the following command to convert cert.cer into cert.pem:
openssl x509 -inform der -in cert.cer -out cert.pem
Note
Before running an OpenSSL command, ensure that the OpenSSL tool has been installed on the local host.
If your local PC runs a Windows operating system, go to the command line interface (CLI) and then run the certificate conversion command.
Click OK.
Verification¶
The certificate you created is displayed in the certificate list.
Other Operations¶
To change the certificate name, move the cursor over the name of the certificate, click , and enter a certificate name.
Important
If the certificate is in use, unbind the certificate from the domain name first. Otherwise, the certificate name cannot be changed.
To view details about a certificate, click View in the Operation column of the certificate.
To delete a certificate, locate the row of the certificate and click Delete in the Operation column.