/DOCS
Облачная платформаAdvanced

Certificate Hosting

Эта статья полезна?

Scenarios

If you want to access a bucket using a user-defined domain name over HTTPS, you need to configure an HTTPS certificate for the domain name. In HTTPS, digital certificates are essential for securing communication, preserving data integrity, and verifying identity.

  • Identity authentication uses a certificate to verify that a server is who it claims to be. This in turn helps defend against man-in-the-middle (MITM) attacks and protects users from connecting to a forged phishing website. In certain scenarios (for example, internal enterprise systems), HTTPS mutual authentication can be implemented using digital certificates. In this setup, the client is also required to present a certificate for the server to verify its identity, thereby further enhancing security.
  • Data encryption protects the confidentiality of communications by setting up an encrypted channel between the client and the server. This ensures that the transmitted data (such as passwords, credit card information, and chat content) remains secure. Even if the data is intercepted, it cannot be read.
  • Data integrity protects data from being tampered with. During HTTPS transmission, a hash function (for example, SHA-256) is used to create a message digest and this digest is then encrypted using a session key. This ensures that data is not tampered with or replaced during transmission.

Functions

OBS supports international certificates. You can configure an HTTPS certificate when you configure a user-defined domain name. For details, see Configuring a User-Defined Domain Name. You can also configure an HTTPS certificate after you configure a user-defined domain name. For details, see Configuring an HTTPS Certificate for a User-Defined Domain Name.

Constraints

  • OBS supports HTTPS certificate hosting only for user-defined domain names.
  • When HTTPS certificates are required, a maximum of 100 user-defined domain names can be configured for each bucket.

Certificate Format

A certificate consists of two parts: the certificate file and the private key.

Certificate File Format

The certificate file must meet the following requirements:

The certificate file must contain information such as the public key and signature. The file name must end with .pem or .crt.

  • The content must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.
  • The certificate file cannot contain blank lines. Each line must contain exactly 64 characters, except for the last line, which can contain fewer.

Example:

-----BEGIN CERTIFICATE-----
MIIDIjCCAougAwIBAgIJALV96mEtVF4EMA0GCSqGSIb3DQEBBQUAMGoxCzAJBgNV
BAYTAnh4MQswCQYDVQQIEwJ4eDELMAkGA1UEBxMCeHgxCzAJBgNVBAoTAnh4MQsw
CQYDVQQLEwJ4eDELMAkGA1UEAxMCeHgxGjAYBgkqhkiG9w0BCQEWC3h4eEAxNjMu
Y29tMB4XDTE3MTExMzAyMjYxM1oXDTIwMTExMjAyMjYxM1owajELMAkGA1UEBhMC
eHgxCzAJBgNVBAgTAnh4MQswCQYDVQQHEwJ4eDELMAkGA1UEChMCeHgxCzAJBgNV
BAsTAnh4MQswCQYDVQQDEwJ4eDEaMBgGCSqGSIb3DQEJARYLeHh4QDE2My5jb20w
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMU832iM+d3FILgTWmpZBUoYcIWV
cAAYE7FsZ9LNerOyjJpyi256oypdBvGs9JAUBN5WaFk81UQx29wAyNixX+bKa0DB
WpUDqr84V1f9vdQc75v9WoujcnlKszzpV6qePPC7igJJpu4QOI362BrWzJCYQbg4
Uzo1KYBhLFxl0TovAgMBAAGjgc8wgcwwHQYDVR0OBBYEFMbTvDyvE2KsRy9zPq/J
WOjovG+WMIGcBgNVHSMEgZQwgZGAFMbTvDyvE2KsRy9zPq/JWOjovG+WoW6kbDBq
MQswCQYDVQQGEwJ4eDELMAkGA1UECBMCeHgxCzAJBgNVBAcTAnh4MQswCQYDVQQK
EwJ4eDELMAkGA1UECxMCeHgxCzAJBgNVBAMTAnh4MRowGAYJKoZIhvcNAQkBFgt4
eHhAMTYzLmNvbYIJALV96mEtVF4EMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADgYEAASkC/1iwiALa2RU3YCxqZFEEsZZvQxikrDkDbFeoa6Tk49Fnb1f7FCW6
PTtY3HPWl5ygsMsSy0Fi3xp3jmuIwzJhcQ3tcK5gC99HWp6Kw37RL8WoB8GWFU0Q
4tHLOjBIxkZROPRhH+zMIrqUexv6fsb3NWKhnlfh1Mj5wQE4Ldo=
-----END CERTIFICATE-----

Private Key Format

The private key must meet the following requirements:

The private key must have the .key extension and must not have a password.

  • The private key is a PEM encoded file.
    • The content must start with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.
  • The private key cannot contain blank lines. Each line must contain exactly 64 characters, except for the last line, which can contain fewer.

Example:

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDFPN9ojPndxSC4E1pqWQVKGHCFlXAAGBOxbGfSzXqzsoyacotu
eqMqXQbxrPSQFATeVmhZPNVEMdvcAMjYsV/mymtAwVqVA6q/OFdX/b3UHO+b/VqL
o3J5SrM86Veqnjzwu4oCSabuEDiN+tga1syQmEG4OFM6NSmAYSxcZdE6LwIDAQAB
AoGBAJvLzJCyIsCJcKHWL6onbSUtDtyFwPViD1QrVAtQYabF14g8CGUZG/9fgheu
TXPtTDcvu7cZdUArvgYW3I9F9IBb2lmF3a44xfiAKdDhzr4DK/vQhvHPuuTeZA41
r2zp8Cu+Bp40pSxmoAOK3B0/peZAka01Ju7c7ZChDWrxleHZAkEA/6dcaWHotfGS
eW5YLbSms3f0m0GH38nRl7oxyCW6yMIDkFHURVMBKW1OhrcuGo8u0nTMi5IH9gRg
5bH8XcujlQJBAMWBQgzCHyoSeryD3TFieXIFzgDBw6Ve5hyMjUtjvgdVKoxRPvpO
kclc39QHP6Dm2wrXXHEej+9RILxBZCVQNbMCQQC42i+Ut0nHvPuXN/UkXzomDHde
h1ySsOAO4H+8Y6OSI87l3HUrByCQ7stX1z3L0HofjHqV9Koy9emGTFLZEzSdAkB7
Ei6cUKKmztkYe3rr+RcATEmwAw3tEJOHmrW5ErApVZKr2TzLMQZ7WZpIPzQRCYnY
2ZZLDuZWFFG3vW+wKKktAkAaQ5GNzbwkRLpXF1FZFuNF7erxypzstbUmU/31b7tS
i5LmxTGKL/xRYtZEHjya4Ikkkgt40q1MrUsgIYbFYMf2
-----END RSA PRIVATE KEY-----

Configuring an HTTPS Certificate for a User-Defined Domain Name

You can use OBS Console or APIs to configure HTTPS certificates for user-defined domain names.

Using OBS Console

  1. In the bucket list, click the bucket you want to operate. The Objects page is displayed.
  2. In the navigation pane, choose Domain Name Mgmt.
  3. On the domain name list page, click Configure next to User Domain Name HTTPS Configuration on the right of the target domain name.

    If an HTTPS certificate has been configured, click Edit to modify the certificate.

  4. Configure HTTPS parameters.

    Table 1 HTTPS certificate parameters

    Parameter

    Description

    Status

    Determines whether to enable HTTPS.

    • By enabling the Status button, you can use a user-defined domain name to access objects stored in OBS over HTTPS, which is more secure.
    • By default, the Status button is disabled, which means HTTPS is not enabled.

    Certificate

    Choose the SCM certificate (a server digital certificate provided by CCM) you want to use.

  5. Click OK.

Using APIs

You can use an API to upload a certificate:

Configuring a Custom Domain Name for a Bucket

Obtaining the Custom Domain Name of a Bucket

Follow-up Operations

After you configure an HTTPS certificate for a user-defined domain name, you can access an OBS bucket using https plus the user-defined domain name.

Parent topic: Domain Name Management
Поддержка Юридические документы
© 2026 Cloud.ru