Enabling SSL – HTTPS on a CDN (HTTPS Everywhere Series – Part 6)

When serving your site over HTTPS, you need to make sure that all resources used by your HTML (e.g. images, JavaScript, stylesheets) are also served via HTTPS.

When you’re using a CDN to host your resources, you’ll need to configure the SSL settings in your CDN Account.

We’re going to show you how you can enable HTTPS on a KeyCDN server. The process will be similar for e.g. MaxCDN.

For setting up a CDN on a KeyCDN server:

  • Go to KeyCDN and log in to your account.
  • Click on Zones and click on the Manage button -> Edit for the zone you want to configure.
  • Click on Show Advanced features.

The settings we need to configure are:

  • SSL
  • Custom SSL certificate
  • Custom SSL Private key
  • Force SSL

HTTPS on a CDN

As we want to configure https://cdn.<yourdomain.com>, we choose the Custom SSL option.

In the Custom SSL Certificate, we need to include our domain certificate and the intermediate CA certificates.

You should copy the text from our chained certificate file at /usr/local/nginx/conf/<yourdomain.chained.crt>. Below you can see the exact syntax to use.

 

[Screenshot: HTTPS CDN Settings at KeyCDN]

You’ll also need to provide your private key in the Custom SSL Private Key section. This key is available at /usr/local/nginx/conf/<yourprivate.key>.

Lastly, enable the setting that redirects cdn.<yourwebsite.com> requests to HTTPS.

Make sure to use an HTTPS URL for your Origin URL too (e.g. https://www.yourwebsite.com).

Please note that most CDNs that support SSL implement it via Server Name Indication (SNI), which means multiple certificates can be presented to the browser on a single IP address. This reduces their need for dedicated IP addresses per customer, which lowers the cost significantly. The only (small) downside of SNI is that it isn’t supported by IE6 on Windows XP, meaning those users will see a certificate warning.
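With the CDN zone serving HTTPS, the requirement from the start of this post (every resource the HTML loads must also use HTTPS) can be checked mechanically. The script below is an added example, not part of the original post or of KeyCDN's tooling; it lists the subresources an HTTPS page would still fetch over plain HTTP, and the hostnames cdn.example.com and www.example.com are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs whose URL the browser fetches as a subresource.
FETCH_ATTRS = {("img", "src"), ("script", "src"), ("iframe", "src"),
               ("source", "src"), ("video", "src"), ("audio", "src"),
               ("video", "poster"), ("embed", "src"), ("object", "data")}
FETCH_RELS = {"stylesheet", "icon", "preload"}  # <link> rel values that fetch

class MixedContentFinder(HTMLParser):
    """Collect subresources an HTTPS page would request over plain HTTP.
    Hyperlinks (<a href>) are navigation, not subresources, and are ignored."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # (tag, resolved URL) in document order

    def _check(self, tag, url):
        # Resolve relative and protocol-relative ("//host/path") URLs against
        # the page URL, as the browser does, then inspect the final scheme.
        resolved = urljoin(self.page_url, url.strip())
        if urlsplit(resolved).scheme == "http":
            self.insecure.append((tag, resolved))

    def handle_starttag(self, tag, attrs):
        a = {name: value for name, value in attrs if value}
        for name, value in a.items():
            if (tag, name) in FETCH_ATTRS:
                self._check(tag, value)
        if tag == "link" and "href" in a:
            if FETCH_RELS & set(a.get("rel", "").lower().split()):
                self._check(tag, a["href"])
        if tag in ("img", "source") and "srcset" in a:
            # srcset is a comma-separated list of "URL descriptor" candidates.
            for candidate in a["srcset"].split(","):
                if candidate.split():
                    self._check(tag, candidate.split()[0])

def find_mixed_content(html, page_url):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.insecure

# Constructed sample page; the hostnames are placeholders, not real sites.
SAMPLE_HTML = """
<link rel="stylesheet" href="http://cdn.example.com/css/site.css">
<script src="https://cdn.example.com/js/app.js"></script>
<img src="//cdn.example.com/img/logo.png" srcset="http://cdn.example.com/img/logo@2x.png 2x">
<a href="http://www.example.com/about">About</a>
"""

if __name__ == "__main__":
    print(find_mixed_content(SAMPLE_HTML, "https://www.example.com/"))
```

On the sample page only the stylesheet and the srcset candidate are reported; the protocol-relative logo inherits HTTPS from the page and the hyperlink is not a subresource.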

Enabling SPDY or HTTP/2 on a CDN

As we have enabled HTTPS on our CDN, we can now also enable the Google SPDY protocol or HTTP/2, which will speed up the HTTPS communications significantly.


Wim Bervoets