Show search and navigation.

 

Delivering Content over HTTPS Tutorial

Applies To:
HTTP LargeThis platform has been optimized to cache and deliver static content (e.g., HTML, CSS, JavaScript, ISO, multimedia, and software downloads, etc.) over HTTP or HTTPS.
HTTP SmallLegacy. If you are currently serving traffic over this platform, then you may continue to do so. However, we recommend that you serve your traffic over our more robust HTTP Large platform.
ADNThe Application Delivery Network platform has been optimized to deliver dynamic content (e.g., login credentials, account information, etc.) over HTTP or HTTPS. Typically, user-specific and database-driven content are served over this platform.
Rules EngineAllows the customization of how requests are handled by our CDN service. It may be used to override the default response provided by an origin server, CDN settings, and the default edge server behavior. - Advanced Rules

Set up support for HTTPS content delivery through the following procedure:

  1. Choose a delivery platform.
  2. Set up a TLSTransport Layer Security. Encrypts traffic for the purpose of delivery over HTTPS. certificate via the Certificate Provisioning System.

  3. Configure the CDN to communicate with your web servers over HTTPS.

    Alternatively, content may be served from an Azure block blob container.

  4. Configure your firewall to allow our network to communicate with your web servers.
  5. Create an edge CNAME configuration for the hostname associated with the TLS certificate.
  6. Update a CNAME recordA Canonical Name (CNAME) record is used to indicate that a hostname is an alias of another hostname. A CNAME record must be registered on a Domain Name System (DNS). This term should not be confused with edge CNAME. within your DNS zone to switch traffic over to our service.

PCI Only: Setting up a customer origin group for a site whose traffic must be served over a Payment Card Industry-certified (PCI) network requires assistance. Contact our technical customer support prior to setup.

Choose a Delivery Platform

Accelerate HTTP traffic by serving it through one or more of the following platforms:

Based on the following questions, choose the first platform that fits your traffic profile.

  1. Do you plan on serving content that varies by user?

    This type of content is typically generated using a scripting language (e.g., PHP).

    If so, use ADNThe Application Delivery Network platform has been optimized to deliver dynamic content (e.g., login credentials, account information, etc.) over HTTP or HTTPS. Typically, user-specific and database-driven content are served over this platform..

  2. Does most of your content consist of static content? Static content are files stored on disk, such as HTML, CSS, JavaScript, high resolution images, multimedia, and software downloads.

    If so, use HTTP LargeThis platform has been optimized to cache and deliver static content (e.g., HTML, CSS, JavaScript, ISO, multimedia, and software downloads, etc.) over HTTP or HTTPS..

TLS Certificate

Support for HTTPS content delivery requires that a TLS certificate be installed on our network. Request a TLS certificate through our Certificate Provisioning System.

Request a TLS certificate from your CDN account manager.

Be prepared to provide the following information:

  • Company information (e.g., legal name, address, contact information, etc.)

  • Platform (i.e., ADN, HTTP Large, or HTTP Small)

  • TLS certificate type

    • Hosted SAN: A TLS certificate shared with multiple customers.
    • Custom: A TLS certificate that is dedicated to your account. Indicate whether you would like a single domain, multiple domains, or wildcard certificate and whether EV certification will be applied to it.

  • Common name

    Identify a Fully Qualified Domain Name (FQDN) or a wildcard hostname that will be assigned to the certificate.

Wait until your CDN account manager informs you that a TLS certificate has been installed on our network before proceeding beyond this point.

Configure the CDN to Communicate with your Web Servers

Before the CDN may serve HTTPS traffic from your web servers, it must be informed where they are located via a platform-specific customer originRefers to a CDN configuration that identifies one or more web servers that will serve as the source from which content may be delivered via the CDN. configuration.

Your account is configured to support either customer origin groups or the legacy method for creating customer origin configurations.

ClosedHow can I tell whether my account supports customer origin groups?

From the main menu, navigate to [HTTP Large, HTTP Small, or ADN] | Customer Origin.

If your account supports customer origin groups, it should look similar to the following illustration:

If it still uses the legacy method for customer origin configuration and therefore doesn't support customer origin groups, it will look like the following illustration:

Customer origin groups allow you to leverage our built-in support for connecting to new or preexisting Azure block blob containers. Contact your CDN account manager to upgrade your account to support customer origin groups.

ClosedTo create a customer origin group

Load the Customer Origin Page

A customer origin configuration allows the CDN to serve traffic from your web server(s) over a single platform.

Navigate to the Customer Origin page corresponding to the desired platform. ClosedHow?From the main menu, navigate to [HTTP Large, HTTP Small, or ADN] | Customer Origin.

Upon navigating to the Origins page, it will immediately show a blank page.

Click Create.

Customer Origin Group Type

A customer origin group can either point to your web server(s) or an Azure block blob container.

Click Customer Origin.

Customer Origin Group Name

Create a customer origin group by assigning it a unique name. This name will be incorporated into the CDN URLA system-defined URL that points to a CDN hostname. A CDN URL allows content delivery via our network. Simplify your CDN setup by also creating an edge CNAME configuration which potentially allows you to deliver traffic via the CDN using the same links as your current setup. generated for this customer origin group.

ClosedView sample CDN URLs.

The following CDN URLs are based on a sample account number (i.e., 0001) and a directory name of "marketing."

HTTP Large:

http://wpc.0001.edgecastcdn.net/800001/marketing

HTTP Small:

http://wac.0001.edgecastcdn.net/800001/marketing

ADN:

http://adn.0001.edgecastcdn.net/800001/marketing

Click within the Group option, type an alphanumeric word or phrase (e.g., marketing), and then press ENTER.

Origin Entry Name

A customer origin group consists of one or more origin entries. Each origin entry identifies one or more web server(s). Assign a name to the origin entry being created.

In the Name option, type originentry1.

Web Server Information

The CDN service must be informed where to find each web server associated with this customer origin group. This step involves providing one or more IP addresses or hostnames that point to your web servers.

Set the Protocol Type option to HTTPS Only.

Set the Hostname or IP Address option to the hostname or IP address of the server where your data resides.

Set the Port option to the port over which our network will serve traffic to the above hostname or IP address.

ADN Only - Configuring ADN Gateway Servers

HTTP Large & HTTP Small: Please proceed to the Saving Changes step.

An ADN Gateway server optimizes the communication path between the edge of our network and your web servers (i.e., customer origin servers). Setting up ADN Gateway servers requires testing connectivity between each ADN Gateway server and the servers associated with the customer origin configuration (as defined in the Web Server Information step).

Upload this sample asset to each web server associated with this customer origin configuration.

Multiple Servers: Make sure to upload the above sample asset to the same location on each web server.

Click ADN Gateway from the Group Settings section.

In the Validation Path option, type a URL that points to the asset uploaded in the previous step. Make sure that the hostname specified in this URL matches the value defined in the HTTP Host Header option.

Click Validate. If the result returns 200 OK for all hostnames/IP addresses, then proceed to the next step.

Saving Changes

Create the customer origin group by saving your changes.

Click Save.

Set up Firewall Access

The next step is to ensure that a firewall doesn't block the flow of traffic between your web servers and the CDN.

Configure your firewall to allow all of our IP blocks access to your server(s).

View our IP blocks by navigating to the Whitelist IP Blocks page.

Create an Edge CNAME Configuration

HTTPS traffic may only be served via an edge CNAME URLThis type of URL takes advantage of an edge CNAME configuration and a CNAME record to provide a friendlier alternative to a CDN URL. An edge CNAME URL is specific to the platform from which it was configured.. Do not attempt to serve HTTPS traffic using the CDN URL generated for the customer origin created in this tutorial.

Create an edge CNAMERefers to the mapping of a CNAME record to a directory on a CDN or customer origin server. The purpose of this mapping, which is only used by our CDN, is to establish a user-friendly alias for content served through the CDN. It relies upon your CNAME record being mapped to a CDN hostname via a DNS service provider. configuration that will direct traffic to the customer origin created in this tutorial. This setup allows traffic to be shifted to the CDN by simply updating a CNAME recordA Canonical Name (CNAME) record is used to indicate that a hostname is an alias of another hostname. A CNAME record must be registered on a Domain Name System (DNS). This term should not be confused with edge CNAME. to point to a CDN hostnameRefers to a system-defined hostname that is specific to your customer account and a CDN service..

Navigate to Edge CNAME Settings

An edge CNAME configuration must be created on the same platform as the customer origin that was created earlier in this tutorial.

Navigate to the Edge CNAMEs page corresponding to the platform to which the desired customer origin was added. ClosedHow?From the main menu, navigate to [HTTP Large, HTTP Small, or ADN] | Edge CNAMEs.

Name an Edge CNAME

An edge CNAME configuration should be named after the hostname defined in the requested TLS certificate.

This name should be specified in lower-case letters and should not include a protocol (i.e., https://).

In the New Edge Cname option, type the hostname defined in the requested TLS certificate.

New Edge CNAME Option - Edge CNAME Configuration

Identify a Customer Origin

This step defines the customer origin from which requests to this edge CNAME will be served.

In the Points to option, verify that "Customer Origin" is selected.

In the Origin Directory option, select the recently created customer origin configuration.

Defining the Origin Server

Save Changes

Create an edge CNAME by saving your changes.

Click Add.

An edge CNAME that points to a customer origin configuration should appear at the top of the Edge CNAMEs page.

New Edge CNAME

Wait an hour to allow your changes to be applied before proceeding beyond this point.

Update a CNAME Record via a DNS Service Provider

Switching traffic over to our CDN service requires updating a CNAME record to point to an edge CNAME .

Load your DNS service provider's portal.

Find the CNAME record corresponding to the edge CNAME created above (e.g., cdn1.mydomain.com).

Update the CNAME's value to resolve to your TLS certificate's target CNAME.

Your DNS service provider should provide settings similar to those shown below.

Once this DNS change takes effect, traffic will shift to our CDN service.

More Information