Certificate provisioning management

Available in Classic and VPC

This section explains how to update, remove, or extend the scope of a provisioned certificate.

Update certificate

To update provisioned certificate:

From the NAVER Cloud Platform console, navigate to > Services > Content Delivery > Global Edge.
Select the Certificate Provisioning menu from the left-hand menu.
Select the certificate that needs to be updated from the list of provisioned certificates.
Click [Update certificate].
In the certificate update popup, select the certificate and click [OK].
- Select the newly issued certificate or the externally registered certificate from the Certificate Manager.
- Selection is not required as the global exclusive certificates are automatically updated. (Display of the previously used global exclusive certificate name)

Remove certificate

To remove provisioned certificate:

Note

To remove the certificate, all currently used edges must be returned before the certificate can be removed.

From the NAVER Cloud Platform console, navigate to > Services > Content Delivery > Global Edge.
Select the Certificate Provisioning menu from the left-hand menu.
Select the certificate that needs to be removed from the list of provisioned certificates.
Click [Remove certificate].
Enter the certificate Slot ID and click [OK] in the certificate removal popup.

Expand the certificate coverage

To add a global certificate for certificates deployed in the service regions of Korea/Japan:

From the NAVER Cloud Platform console, navigate to > Services > Content Delivery > Global Edge.
Select the Certificate Provisioning menu from the left-hand menu.
Click [•••] on the right side of the provisioned Korea/Japan certificate and then select the expand certificate coverage menu.
Select the global exclusive certificate and click [OK] in the expand certificate coverage popup.

Set TLS protocol version

It can be configured with various SSL/TLS cipher groups.
The list of cipher groups to be used for the TLS handshake is automatically selected when you choose a cipher profile.
Once the cipher profile is enabled, NAVER Cloud will not update the existing cipher profile except in the case of a security incident.
Customers are recommended to review their registration settings and update to the latest cipher profile if possible.

Enable cipher profile

The cipher profile can be used for all users, all certificates, and all registrations.

Profile	Cipher Suites
GE-STRICT-v1 This profile supports only TLSv1.2 and TLSv1.3 and is recommended for all certificates. It can be selected to help achieve an "A" grade in the Qualys SSL labs server test.	TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 TLS-AES-128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305
GE-GENERAL-v1 This profile supports all TLS versions, including TLSv1.3 and is available for broad compatibility. No longer recommended but the CBC ciphers that may need to support the previous client is included.	TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 TLS-AES-128-GCM-SHA256 TLS-AES-128-CCM-8-SHA256 TLS-AES-128-CCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA
GE-DEFAULT-v1 This profile supports all TLS versions, including TLSv1.3 and is available for broad compatibility. This profile is designed to support legacy clients that do not support forward secrecy or require TLSv1.0 or TLSv1.1 support.	TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 TLS-AES-128-GCM-SHA256 TLS-AES-128-CCM-8-SHA256 TLS-AES-128-CCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA

Profile

Cipher Suites

GE-STRICT-v1

"A"

TLS-AES-256-GCM-SHA384
TLS-CHACHA20-POLY1305-SHA256
TLS-AES-128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305

GE-GENERAL-v1

TLS-AES-256-GCM-SHA384
TLS-CHACHA20-POLY1305-SHA256
TLS-AES-128-GCM-SHA256
TLS-AES-128-CCM-8-SHA256
TLS-AES-128-CCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA

GE-DEFAULT-v1

TLS-AES-256-GCM-SHA384
TLS-CHACHA20-POLY1305-SHA256
TLS-AES-128-GCM-SHA256
TLS-AES-128-CCM-8-SHA256
TLS-AES-128-CCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
AES256-GCM-SHA384
AES128-GCM-SHA256
AES256-SHA256
AES128-SHA256
AES256-SHA
AES128-SHA