tencent cloud

Cloud Load Balancer

Release Notes and Announcements
CLB Release Notes
Product Announcements
Product Introduction
Overview
Strengths
Use Cases
Principles
Product Comparison
Use Limits
Service Regions and Service Providers
Purchase Guide
Billing Overview
Billing
CLB Resource Package
Purchase Methods
Payment Overdue
Product Attribute Selection
Getting Started
Getting Started with Domain Name-Based CLB
Getting Started with CLB
Getting Started with IPv6 CLB
Deploying Nginx on CentOS
Deploying Java Web on CentOS
Operation Guide
CLB Instance
CLB Listener
Real Server
Health Check
Certificate Management
Log Management
Monitoring and Alarm
Cloud Access Management
Classic CLB
Practical Tutorial
Deploy certificate to CLB (mutual authentication)
Enabling Gzip Compression & Testing
HTTPS Forwarding Configurations
Obtaining Real Client IPs
Best Practices for Configuring Load Balancing Monitoring Alerts
Implementing HA Across Multiple AZs
Load Balancing Algorithm Selection and Weight Configuration Examples
Configuring WAF protection for CLB listening domain names
Configure IAP to authenticate web access to the CLB domain and path
Configure IAP to authenticate programmatic access to CLB's domain and path
Ops Guide
Solution to Excessive Clients in TIME_WAIT Status
Load Balancer HTTPS Service Performance Test
Stress Testing FAQ
CLB Certificate Operation Permissions
Troubleshooting
UDP Health Check Exception
API Documentation
History
Introduction
API Category
Instance APIs
Listener APIs
Backend Service APIs
Target Group APIs
Redirection APIs
Other APIs
Classic CLB APIs
Load Balancing APIs
Making API Requests
Data Types
Error Codes
CLB API 2017
FAQs
Billing
CLB Configuration
Troubleshooting Health Check Issues
HTTPS
WS/WSS Protocol Support
HTTP/2 Protocol Support
Default Domain Name Blocking Prompt
Service Level Agreement
Contact Us
Glossary
DocumentationCloud Load BalancerOperation Guide Certificate ManagementManaging Certificates

Managing Certificates

PDF
Focus Mode
Font Size
Last updated: 2024-01-04 14:34:05
When configuring an HTTPS listener of a CLB instance, you can directly use a certificate in SSL Certificate Service or upload the third-party server certificate and SSL certificate that you require to the CLB console.

Certificate Requirements

CLB supports only certificates in PEM format. Before uploading a certificate, make sure that your certificate, certificate chain, and private key meet the format requirement. For information about the certificate requirements, see Certificate Requirements and Certificate Format Conversion.

Certificate Encryption Algorithms

CLB supports the following algorithms for certificate encryption: ECC and RSA. For more information about the algorithms, see What are the differences between RSA and ECC?.
Note:
You can configure two certificates that use different algorithms in SSL parsing for HTTPS listeners. For more information, see Configuring an HTTPS Listener.
Listener Type
Supported Encryption Algorithm When Configuring One Certificate
Supported Encryption Algorithms When Configuring Two Certificates
HTTPS
RSA or ECC
RSA and ECC
TCP_SSL, QUIC
RSA or ECC
Does not support configuring two certificates that use different encryption algorithms.
TCP, UDP, HTTP
Does not support configuring certificates.
Does not support configuring certificates.

Configuring Certificates

There are two types of certificate configuration for an HTTPS listener:
Listener-level certificate configuration: If SNI is not enabled, the same certificate is configured for all domain names under the listener. For more information, see Configuring an HTTPS Listener.
Domain name-level certificate configuration: If SNI is enabled, different certificates can be configured for different domain names under the listener. For more information, see SNI Support for Binding Multiple Certificates to a CLB Instance.

Updating Certificates

To prevent certificate expiration from affecting your service, please update your certificate before it expires.
Note:
After a certificate is updated, the system does not delete the legacy certificate but generates a new one. The certificate will be automatically updated for all CLB instances that use it.
1. Log in to the CLB console.
2. Click Certificate management in the left sidebar.
3. In the certificate list, click Update in the Operation column of the target certificate.
4. In the pop-up window, enter the content and key of the new certificate and click Submit.


Viewing CLB Instances Associated with a Certificate

1. Log in to the CLB console.
2. Click Certificate management in the left sidebar.
3. In the certificate list, click the ID of the target certificate.
4. On the Basic information page, view the CLB instances associated with the certificate.


Previous Topic: Verifying Health Check Source IPsNext Topic: Certificate Requirements and Certificate Format Conversion

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback