Enabling SSL – HTTPS on a CDN (HTTPS Everywhere Series – Part 6)

When serving your site over https, you need to make sure that all resources used by your HTML are also served via HTTPS. (eg. Images, javascript, stylesheets).

When you’re using a CDN to host your resources, you’ll need to configure the SSL settings in your CDN Account.

We’re going to show you how you can enable HTTPS on a KeyCDN server. The process will be similar for eg. MaxCDN

For setting up a CDN on a KeyCDN server:

  • Go to KeyCDN and login to your account.
  • Click on Zones and click on the Manage button -> Edit for the zone you want to configure.
  • Click on Show Advanced features.

The settings we need to configure are:

  • SSL
  • Custom SSL certficate
  • Custom SSL Private key
  • Force SSL


As we want to configure https://cdn.<yourdomain.com>, we choose the Custom SSL option.

In the Custom SSL Certificate, we need to include our domain certificate and the intermediate CA certificates.

You should copy the text from our chained certificate file at /usr/local/nginx/conf/<yourdomain.chained.crt>. Below you can see the exact syntax to use.


HTTPS CDN Settings at KeyCDN


You’ll also need to provide your private key in the Custom SSL Private Key section. This key is available at /usr/local/nginx/conf/<yourprivate.key>


private key

Lastly enable the setting to redirect cdn.<yourwebsite.com> requests to https:

enable https redirection

Make sure to use a https URL for your Origin URL too (eg. https://www.yourwebsite.com)

origin server https

Please note that most CDNs that support SSL implement it via Server Name Indication which means multiple certificates can be presented to the browser on 1 single IP address. This reduces their need for dedicated IP addresses per customer which lowers the cost significantly. The only (small) downlside of SNI is that it isn’t supported by IE6 on Windows XP, meaning those users will see a certificate warning.

Enabling SPDY or HTTP/2 on a CDN

As we have enabled https on our CDN, we can now also enable the Google SPDY protocol or HTTP/2 which will speed up the https communications significantly.

spdy http2 on a cdn

Wim Bervoets
Follow me

Share this Post

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.