CDNetworks allows you to upload externally purchased and issued SSL/TLS certificates to the CDNetworks platform for centralized management. After uploading a certificate, you can associate it with the corresponding authorized domain name and deploy it for use with your CDN service. This document explains how to upload and manage your existing SSL/TLS certificates to CDNetworks.
In addition to uploading your own certificates, you can use CDNetworks’ one-click certificate application to quickly obtain a free Let’s Encrypt or ZeroSSL HTTPS certificate. The certificate will be automatically deployed to your chosen domain on the CDNetworks platform. For more details, please refer to the One-Click Certificate document.
To ensure you receive timely certificate expiration reminders, please navigate to My Certificates page, click the Certificate Reminder Recipient button, and configure the recipient information and notification channels (currently, CDNetworks supports email, in-platform notifications, and API BOT for message push).
How to Upload Your SSL/TLS Certificate
- Log in to the CDNetworks Console, and in the left menu, navigate to: Certificate MGMT - SSL Certificates - My Certificates. Click the Upload Certificate button. You can also find this upload button on the certificate Overview page.
- CDNetworks provides three methods for uploading certificates: Import From the Certificate File, Import From Certificate File (with passphrase), and Paste Certificate Content. Both RSA and ECC encryption algorithm certificates are supported. The following sections describe each method in detail.
Import Certificate from File
- i. Enter the Certificate Name and optional Remarks.
- ii. Upload your certificate file and click Parse File to complete the import.
- iii. If the file is parsed successfully, the system will display the certificate details.
- iv. Confirm the information and click Submit to complete the upload. If parsing fails, please check that the certificate file is correct and not corrupted or modified.
Note:
This method allows you to upload up to 10 files at a time, with each file size not exceeding 44KB. Supported file formats include: .pem, .key, .crt, .cer, .der, .pfx, .jks
Import Encrypted Certificate from File
- i. Enter the Certificate Name and optional Remarks.
- ii. Enter your Private Key File Password.
- iii. Upload your encrypted certificate file and click Parse File to complete the import.
- iv. If the file is parsed successfully, the system will display the certificate details.
- ⅴ. Confirm the information and click Submit to complete the upload. If parsing fails, please check whether the certificate file is correct and ensure that the file has not been damaged or modified.
Note:
This upload method only allows you to upload a single certificate file in .pem format.
Paste Certificate Content
- i. Use a text editor (such as Notepad) to open your certificate file and extract the public key, private key, and CA certificate (if applicable).
- ii. Enter the Certificate Name and optional Remarks, and paste the extracted certificate content into the corresponding text boxes. Ensure there are no extra line breaks or spaces.
- iii. Before submission, the system will automatically detect if the public key and private key match. If errors or mismatches are found, the system will display an error message and prevent the upload.
How to Modify Your Certificate
You can modify an existing certificate to update its content. For example, if your certificate is about to expire or needs to be replaced, this feature allows you to update the certificate content and prevent website access issues caused by using an expired or invalid certificate.
-
Log in to the CDNetworks Console, and in the left menu, navigate to: Certificate MGMT - SSL Certificates - My Certificates.
-
Find the certificate you wish to modify and click the Edit button in the operation column on the right to enter the certificate editing page.
-
You can use any of the three upload methods described in the uploading SSL/TLS certificate section to update the certificate content:
- Import Certificate from File: Upload an unencrypted certificate file.
- Import Encrypted Certificate from File: Upload an encrypted certificate file and enter the corresponding private key file password.
- Paste Certificate Content: Directly paste the public key, private key, and CA certificate content into the corresponding text boxes.
-
Confirm the updated certificate information and click Submit to save your changes.
Note:
If the current certificate is already associated with multiple accelerated domains, the system will verify if the new certificate is valid for these domains during the update. Only when all domains pass the validation can the certificate be successfully updated.
To avoid creating a duplicate certificate entry and having to re-associate your domain names,always use the Edit feature to update certificates.
How to View Your Certificate
- Log in to the CDNetworks Console, and in the left menu, navigate to: Certificate MGMT - SSL Certificates - My Certificates.
- Click on the certificate name you wish to view to enter the certificate details page. Here, you can see the basic information of the certificate and the list of domains associated with the certificate.
- You can also unbind a domain name from a certificate on the certificate details page.
For security reasons, when viewing certificates, you can only see the public key, CA certificate, and associated domains. Sensitive information such as the private key will not be displayed.
How to Delete Your Certificate
- Log in to the CDNetworks Console, and in the left menu, navigate to: Certificate MGMT - SSL Certificates - My Certificates.
- In the certificate list, find the idle certificate you need to delete and click the Delete button in the operation column on the right.
- A confirmation pop-up will appear. Please carefully check the certificate name and click Confirm to complete the deletion. If you need to cancel the deletion, click Cancel.
Note:
To protect the security of your website business, you can only delete idle certificates that are not associated with any acceleration domains. Certificates associated with domains cannot be deleted directly. Please first unbind the certificate from the domain before performing the deletion.
Deleting a certificate is irreversible. It is recommended to back up certificate files before deletion for future use if needed.
How to Associate Your Certificate with a Domain and Deploy
CDNetworks makes it easy to associate your SSL/TLS certificates with your domain names for HTTPS delivery. You can associate single certificates or deploy both RSA and ECC certificates in a dual-certificate configuration.
Note:
A single certificate can be associated with a maximum of 200 domain names at a time.
Ensure the authorized domain of the certificate matches the actual acceleration domain configured on the CDNetworks platform. For instance, if the certificate is only issued for a1.abc.com
, do not associate it with a wildcard domain such as *.abc.com
that resolves to a2.abc.com
to avoid access issues.
Associate Single Certificate with Domain
- Log in to the CDNetworks Console, and in the left menu, navigate to: Certificate MGMT - SSL Certificates - My Certificates.
- Find the corresponding certificate and click the Associate Domain button in the operation column on the right. Select the domains you wish to deploy the certificate and move them to the right-selected domain list. Then, click Pre-Deploy or Deploy to complete the operation.
Associate Dual Certificates with Domain
- Follow the steps in Associate Single Certificate with Domain to complete the first certificate (e.g., RSA certificate as the first certificate) association for your domain.
- On the My Certificates page, find your corresponding ECC certificate you wish to deploy for your domains as the second certificate, move those domains to the right-selected domain list, and then click Next.
- Enter the certificate information confirmation page. If the selected domains already have RSA certificates correctly deployed, the system will prompt you to confirm whether to deploy the ECC certificate as a second certificate or replace the existing RSA certificate. Choose your desired option and click Deploy.
- Once successfully deployed, CDNetworks CDN edge server will prioritize loading the higher-performing ECC certificate based on the client’s supported algorithms during client interaction, while maintaining backward compatibility with RSA certificates for older clients.
Note:
Due to platform limitations, the dual certificate deployment for domains does not support the pre-deployment feature.
Important Notes
The CDNetworks Console currently only supports self-service management and configuration of SNI-type SSL/TLS certificates. If you need to add or change non-SNI certificates, please contact the CDNetworks technical support team for assistance.