Certificate Management

As a client, the ATIC calls the RESTful (HTTPS) interface of the server and authenticates the server certificate to ensure that the server is valid.

Prerequisites

The ATIC server can access the certificate download link.

Context

You can download and configure certificates based on the following information.

| Certificate | Description | Certificate Download Link |
| --- | --- | --- |
| DamDDoS certificate | Used for DamDDoS certificate authentication. | https://api.damddos.com/ |
| HUAWEI CLOUD Advanced Anti-DDoS certificate | Used for HUAWEI CLOUD Advanced Anti-DDoS certificate authentication. | https://aad.myhuaweicloud.com/ |
| HUAWEI CLOUD certificate | Used for HUAWEI CLOUD certificate authentication. This certificate is used when Region is set to cn-north-1. | https://iam.cn-north-1.myhuaweicloud.com/ |
| HUAWEI CLOUD certificate | Used for HUAWEI CLOUD certificate authentication. This certificate is used when Region is set to cn-north-4. | https://iam.cn-north-4.myhuaweicloud.com/ |
| Cloud cleaning certificate | Used for cloud cleaning certificate authentication. | https://openapi.nexusguard.com/ |
| RESTful server: Blackhole certificate for receiving blackhole messages | Blackhole certificate used by the third-party RESTful server to receive blackhole messages for authentication. | The value is the same as the URL for receiving blackhole triggering messages and the URL for receiving the blackhole cancellation message. |
| RESTful server: Login authentication certificate | Used for third-party RESTful server login authentication. | The value is the same as the login URL. |

Procedure

The following uses the HUAWEI CLOUD certificate and the cn-north-1 region as an example to describe how to download and configure a certificate. The procedures for downloading and configuring other certificates are similar.

  1. Download a certificate.

    The following uses Google Chrome as an example to describe how to download a certificate. The procedure for downloading a certificate using other browsers is similar.

    1. Open a browser.
    2. Enter https://iam.cn-north-1.myhuaweicloud.com/ and press Enter.
    3. Click View site information.

    4. Click Certificate (Valid). The Certificate dialog box is displayed.

    5. On the Details tab page, click Copy to File.

    6. In the Certificate Export Wizard dialog box, click Next.

    7. Select the format to be used and click Next.

    8. Click Browse, select a path, and name the certificate file in File name, for example, cn-north-1. Select DER Encoded Binary X.509(*.cer) from the Save as type drop-down list box, and click Save.
    9. Click Next.

    10. Click Finish. If the message "The export was successful." is displayed, the certificate has been successfully downloaded.

  2. Create a certificate in the ATIC management center.
    1. Choose System > Notification Server > Certificate Management.
    2. Click .
    3. Configure the certificate information.

      | Parameter | Description |
      | --- | --- |
      | Certificate Alias | Enter the certificate alias. The certificate alias cannot be empty or contain special characters such as ! # $ %. NOTE: The certificate alias is displayed during certificate configuration. Therefore, you are advised to set the certificate alias to an easily identified and distinguished name. |
      | Certificate File | Click Browse and select the downloaded certificate file. |

    4. Click OK. The certificate is created.

      After the created certificate expires, you need to manually delete the certificate, and then download and configure a certificate with the same certificate alias by referring to the preceding steps.

      After the ATIC is upgraded, the certificate store is restored to the initial state. You need to download and configure a certificate with the same certificate alias by referring to the preceding steps.
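
The following is an added example, not part of the product documentation. It checks an exported certificate file before upload, and can be rerun later to catch an approaching expiry, which must be handled manually as described above. It assumes the openssl CLI is installed; the function names and the 30-day default are illustrative.

```shell
#!/bin/sh
# Added example: check an exported certificate file with the openssl CLI.
# Function names and the 30-day default are assumptions, not ATIC settings.

# Exit 0 if FILE is a DER-encoded X.509 certificate (not Base-64/PEM or PKCS#7).
cer_is_der() {
    # DER starts with an ASN.1 SEQUENCE tag (0x30); PEM text starts with '-' (0x2d).
    [ "$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')" = "30" ] &&
        openssl x509 -inform DER -in "$1" -noout >/dev/null 2>&1
}

# Exit 0 if FILE is still valid DAYS days from now.
cer_valid_for() {
    openssl x509 -inform DER -in "$1" -noout \
        -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print the SHA-256 fingerprint, for comparison with the value the browser shows.
cer_fingerprint() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Print the expiry date (notAfter) of the certificate.
cer_not_after() {
    openssl x509 -inform DER -in "$1" -noout -enddate | cut -d= -f2
}

# check_cer FILE [DAYS]
# Returns 0 if usable, 1 if not DER X.509, 2 if it expires within DAYS days.
check_cer() {
    file=$1; days=${2:-30}
    if ! cer_is_der "$file"; then
        echo "$file: not a DER-encoded X.509 certificate" >&2
        return 1
    fi
    echo "$file: notAfter=$(cer_not_after "$file") sha256=$(cer_fingerprint "$file")"
    if ! cer_valid_for "$file" "$days"; then
        echo "$file: expires within $days days; re-create it under the same alias" >&2
        return 2
    fi
}

# Stand-alone use, for example: sh <this script> cn-north-1.cer 30
if [ "$#" -gt 0 ]; then
    check_cer "$@"
fi
```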


Copyright © Huawei Technologies Co., Ltd.