Release Notes and Announcements

Release Notes

Security Announcement

Announcements

Product Introduction

Overview

Strengths

Use Cases

Comparison Between EdgeOne and CDN Products

Use Limits

Purchase Guide

Description of Trial Plan Experience Benefits

Free Plan Guide

Billing Overview

Billing Items

Subscriptions

Renewals

Instructions for overdue and refunds

Comparison of EdgeOne Plans

About "clean traffic" billing instructions

DDoS Protection Capacity Description

Getting Started

Choose business scenario

Quick access to website security acceleration

Quick deploying a website with Pages

Domain Service&Origin Configuration

Domain Service

HTTPS Certificate

Origin Configuration

Site Acceleration

Overview

Access Control

Smart Acceleration

Cache Configuration

File Optimization

Network Optimization

URL Rewrite

Modifying Header

Modify the response content

Rule Engine

Image&Video Processing

Speed limit for single connection download

DDoS & Web Protection

Overview

DDoS Protection

Web Protection

Bot Management

API Discovery（Beta）

Edge Functions

Overview

Getting Started

Operation Guide

Runtime APIs

Sample Functions

Best Practices

Pages

L4 Proxy

Overview

Creating an L4 Proxy Instance

Modifying an L4 Proxy Instance

Disabling or Deleting an L4 Proxy Instance

Batch Configuring Forwarding Rules

Obtaining Real Client IPs

Data Analysis&Log Service

Log Service

Data Analysis

Alarm Service

Site and Billing Management

Billing Management

Site Management

Version Management

General Policy

General Reference

Configuration Syntax

Request and Response Actions

Country/region and Corresponding Codes

Terraform

Overview

Installing and Configuring Terraform

Practical Tutorial

EdgeOne Skill User Guide

Automatic Warm-up/Cache Purge

Resource Abuse/hotlinking Protection Practical

HTTPS Related Practices

Acceleration Optimization

Scheduling Traffic

Data Analysis and Alerting

Log Platform Integration Practices

Configuring Origin Servers for Cloud Object Storage (Such As COS)

CORS Response Configuration

API Documentation

History

Introduction

API Category

Making API Requests

Site APIs

Acceleration Domain Management APIs

Site Acceleration Configuration APIs

Edge Function APIs

Alias Domain APIs

Security Configuration APIs

Layer 4 Application Proxy APIs

Content Management APIs

Data Analysis APIs

Log Service APIs

Billing APIs

Certificate APIs

Origin Protection APIs

Load Balancing APIs

Diagnostic Tool APIs

Custom Response Page APIs

API Security APIs

DNS Record APIs

Content Identifier APIs

Legacy APIs

Ownership APIs

Image and Video Processing APIs

Multi-Channel Security Gateway APIs

Version Management APIs

Data Types

Error Codes

FAQs

Product Features FAQs

DNS Record FAQs

Domain Configuration FAQs

Site Acceleration FAQs

Data and Log FAQs

Security Protection-related Queries

Origin Configuration FAQs

Troubleshooting

Reference for Abnormal Status Codes

Troubleshooting Guide for EdgeOne 4XX/5XX Status Codes

520/524 Status Code Troubleshooting Guide

521/522 Status Code Troubleshooting Guide

Tool Guide

Agreements

Service Level Agreement

Origin Protection Enablement Conditions of Use

TEO Policy

Data Processing And Security Agreement

Glossary

Certificate Format Requirements

PDF

Focus Mode

Font Size

Last updated: 2024-11-08 15:52:45

If your certificate is issued by a root certificate authority (CA), you will get a unique certificate. The configured site will be considered trustworthy by access devices such as browsers without the need for additional certificates.
If your certificate is issued by an intermediate CA, you will receive a file containing multiple certificates. You need to manually concatenate the intermediate certificate and the root certificate in order before uploading. The concatenation rule is: first put the intermediate certificate and then put the root certificate, with no blank lines between them.
Note:
In general, CA will provide corresponding instructions when issuing certificates. Pay attention to such instructions.
Examples of CA Certificate Format and Certificate Chain Format
Below are examples of certificate format and certificate chain format. Confirm that the formats are correct before uploading:
1. The example of the PEM format of the certificate issued by a root CA is as follows:
﻿
The certificate format is as follows:
Your certificate should start with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----".
Each line should contain 64 characters, with the last line containing no more than 64 characters.
2. If the certificate is issued by an intermediate CA, the CA certificate needs to include a multi-level certificate chain. The certificate chain structure is as follows:
-----BEGIN CERTIFICATE-----
Intermediate CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root CA
-----END CERTIFICATE-----
The certificate chain rules are as follows:
There should be no blank lines between certificates.
All certificates should meet the certificate format requirements mentioned above.
Instructions for Converting Certificates to PEM Format
Generally, HTTPS certificates are in PEM format. For certificates in other formats that need to be converted to PEM format, it is recommended to use the OpenSSL tool for conversion. Below are methods to convert several popular certificate formats to PEM format.
DER to PEM
P7B to PEM
PFX to PEM
CER/CRT to PEM
The DER format is generally used on Java platforms.
Certificate conversion:
openssl x509 -inform der -in certificate.cer -out certificate.pem
Private key conversion:
openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem
The P7B format is generally used on Windows Server and Tomcat.
Certificate conversion:
openssl pkcs7 -print_certs -in incertificat.p7b -out outcertificate.cer
You need to get the content between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" in outcertificate.cer to upload as certificate.
Private key conversion: Private keys can generally be exported on IIS servers.
The PFX format is generally used on Windows Server.
Certificate conversion:
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
Private key conversion:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
```	
You can convert certificates in CER/CRT format by directly modifying their file extensions. For example, you can directly rename the "servertest.crt" certificate file as the "servertest.pem" certificate file.
﻿
﻿

Help and Support

Was this page helpful?

You can also Contact sales or Submit a Ticket for help.

Help us improve! Rate your documentation experience in 5 mins.

Feedback

tencent cloud

Tencent Cloud EdgeOne

Certificate Format Requirements

Examples of CA Certificate Format and Certificate Chain Format

Instructions for Converting Certificates to PEM Format

Help and Support