When serving your site over https, you need to make sure that all resources used by your HTML are also served via HTTPS. (eg. Images, javascript, stylesheets).
When you’re using a CDN to host your resources, you’ll need to configure the SSL settings in your CDN Account.
We’re going to show you how you can enable HTTPS on a KeyCDN server. The process will be similar for eg. MaxCDN
For setting up a CDN on a KeyCDN server:
- Go to KeyCDN and login to your account.
- Click on Zones and click on the Manage button -> Edit for the zone you want to configure.
- Click on Show Advanced features.
The settings we need to configure are:
- SSL
- Custom SSL certficate
- Custom SSL Private key
- Force SSL
As we want to configure https://cdn.<yourdomain.com>, we choose the Custom SSL option.
In the Custom SSL Certificate, we need to include our domain certificate and the intermediate CA certificates.
You should copy the text from our chained certificate file at /usr/local/nginx/conf/<yourdomain.chained.crt>. Below you can see the exact syntax to use.
You’ll also need to provide your private key in the Custom SSL Private Key section. This key is available at /usr/local/nginx/conf/<yourprivate.key>
Lastly enable the setting to redirect cdn.<yourwebsite.com> requests to https:
Make sure to use a https URL for your Origin URL too (eg. https://www.yourwebsite.com)
Please note that most CDNs that support SSL implement it via Server Name Indication which means multiple certificates can be presented to the browser on 1 single IP address. This reduces their need for dedicated IP addresses per customer which lowers the cost significantly. The only (small) downlside of SNI is that it isn’t supported by IE6 on Windows XP, meaning those users will see a certificate warning.
Enabling SPDY or HTTP/2 on a CDN
As we have enabled https on our CDN, we can now also enable the Google SPDY protocol or HTTP/2 which will speed up the https communications significantly.
Wim Bervoets
I started my first website Wim's BIOS (https://www.wimsbios.com) back in 1996 as a hobby. Wim’s BIOS is still the internet premier source for finding BIOS Updates.
More then 15 years later this technology site keeps going strong with thousands of visitors every day.
My book "Fast, Scalable and Secure Webhosting" will show you how to set up your server using Linux, Nginx, MariaDB, PHP-FPM, Java, IPv6, HTTPS, HTTP/2, WordPress and much more!
Latest posts by Wim Bervoets (see all)
- Google PageSpeed Insights: Scoring 100/100 with WordPress - August 2, 2016
- Enabling SSL – HTTPS on a CDN (HTTPS Everywhere Series – Part 6) - May 11, 2016
- Getting an A+ grade on SSLLabs.com (HTTPS Everywhere Series – Part 5) - May 9, 2016
Share this Post