Docs
ulb
Classic Load Balancer CLB
Operation Guide
Certificate
Certificate Format

Certificate Format

Format Requirements

Currently, two methods are supported to upload certificates. The first is to directly upload the certificate file, and the second is to manually fill in the certificate text information.

Direct File Upload

If you choose to directly upload the certificate file, you need to prepare the following files:

  • Mandatory, the website certificate file (cer/crt/pem format), the text format of the file is as follows:
-----BEGIN MY CERTIFICATE-----
...
-----END MY CERTIFICATE-----
  • Mandatory, private key file (key file)

For files with RSA digital signature algorithm, the text format is as follows:

-----BEGIN RSA PRIVATE KEY-----
... 
-----END RSA PRIVATE KEY-----

For files with ECDSA digital signature algorithm, the text format is as follows, EC PARAMETERS is optional:

-----BEGIN EC PARAMETERS-----
... 
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
... 
-----END EC PRIVATE KEY-----
  • Optional, intermediate certificate, root certificate (certificate chain, cer/crt/pem format), the text format of the file is as follows:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

The certificate you provide needs to remove the password protection. When you upload the certificate or manually fill in the certificate, please ensure that the certificate format is correct. If the format is not correct, the certificate addition will be unsuccessful.

Manual Certificate Entry

If you choose to manually fill in the certificate, the text needs to include the following fields in sequence: private key, website certificate, intermediate certificate, root certificate, etc.

The reference for RSA digital signature algorithm format is as follows (please check the integrity of the certificate when copying):

-----BEGIN RSA PRIVATE KEY-----
... 
-----END RSA PRIVATE KEY-----
-----BEGIN MY CERTIFICATE-----
...
-----END MY CERTIFICATE-----
-----BEGIN MY CERTIFICATE-----
...
-----END MY CERTIFICATE-----

The reference for ECDSA digital signature algorithm format is as follows (please check the integrity of the certificate when copying):

-----BEGIN EC PRIVATE KEY-----
... 
-----END EC PRIVATE KEY-----
-----BEGIN MY CERTIFICATE-----
...
-----END MY CERTIFICATE-----
-----BEGIN MY CERTIFICATE-----
...
-----END MY CERTIFICATE-----

If your certificate is in another format, we suggest you use the openssl tool to convert the format.

DER to PEM:

Certificate Conversion: openssl x509 -inform der -in certificate.cer -out certificate.pem

Private Key Conversion (RSA Certificate): openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem

Private Key Conversion (ECDSA Certificate): openssl ec -inform DER -outform PEM -in privatekey.der -out privatekey.pem

Content ForwardingCertificate Management