A default CDN configuration allows traffic to flow over HTTP. Adding support for HTTP Secure (HTTPS) requires that your CDN account manager perform the following steps on your behalf:
- The SSL traffic feature must be activated on the desired platform.
- A SSL/TLSSecure Socket Layer / Transport Layer Security. Refers to protocols that encrypt traffic for the purpose of delivery over HTTPS. Although traffic will be encrypted using the TLS protocol, SSL is mentioned here as a point of reference for readers that are more familiar with this legacy technology. certificate that identifies the hostname over which secure CDN traffic will flow must be installed on our network.
Request support for either of the following types of certificates:
| Type | Description |
|---|---|
|
Hosted SAN TLS Certificate |
This is a shared SAN certificate whose common name is owned by Edgio. The Subject Alternative Names associated with this certificate defines hostnames for several customers. |
|
Custom TLS Certificate |
This is an umbrella term for any type of certificate that is dedicated to your organization. This type of certificate can define a single hostname, multiple hostnames, or a wildcard hostname (validates unlimited subdomains). Finally, Extended Validation (EV) status can be granted to this type of certificate. An EV TLS certificate provides additional visual reassurance to your clients that they are accessing a secured site. |
A previously purchased TLS certificate can be leveraged for CDN usage. This type of setup requires the installation of your TLS certificate on our servers. For additional details and pricing information, please contact your CDN account manager.
Once support for HTTP Secure (HTTPS) has been added to your account, please implement TLS 1.2 encryption.
Setup
Support for HTTPS traffic requires that your CDN account meet all of the following requirements:
- The SSL traffic feature must be enabled on your account.
- A TLS certificate that references the hostname to which HTTPS traffic will be directed must be installed on our network.
- An edge CNAME should point the hostname referenced in the TLS certificate to a CDN or a customer origin server.
Upon requesting HTTPS support, your CDN account manager will enable the SSL Traffic feature on the desired platform and request TLS certificate deployment from CDN personnel. Perform the following steps while awaiting TLS certificate activation:
- Create an edge CNAME named after the hostname defined in the requested TLS certificate.
-
Customer Origin Only
Proceed to the next step if the above edge CNAME configuration points to CDN storage.
From the customer origin configuration associated with the above edge CNAME, enable the HTTPS Edge Protocol option.
Configure your hostnames/IP addresses using one of the following methods:
-
End-to-End Encryption: Set up secure communication from a client to your web servers via our network by specifying the HTTPS protocol for one or more hostnames/IP addresses.
Sample Configuration:
https://video.mydomain.com
https://101.10.20.30
-
Client to Edge Encryption: Our network may be configured to communicate over both HTTP and HTTPS by specifying the HTTP protocol for one or more hostnames/IP addresses.
Sample Configuration:
http://video.mydomain.com
http://101.10.20.30
-
- Create a CNAME record via your DNS service provider that points the hostname defined in the requested TLS certificate to a CDN hostnameThis hostname is defined when the corresponding TLS certificate is installed on our network. It will be provided by your CDN account manager when the CDN is ready to deliver HTTPS traffic on your account.. This CDN hostname was provided by your CDN account manager.
-
Enable TLS 1.2 support on your web servers.
Disable support for SSL/TLS versions older than 1.1. Requests to web servers that support older SSL/TLS versions will cause the termination of the TLS handshake and users will land on a "Your connection is not secure" web page.
Configuration changes typically take effect within an hour.
More Information
Edgecast CDN