Creating CDN services with an SSL enabled

Introduction

Secure Sockets Layer (SSL) support of CDN Static and CDN Static Push services allows you to access CDN services over HTTPS protocol.

Please note that you can always access CDN Static and CDN Static Push services over both HTTP and HTTPS protocols. But if SSL is not enabled for the CDN service then access over HTTPS protocol will throw an SSL error because the CDN domain will not match the SSL certificate used for the HTTPS connection.

We provide the following three SSL solutions.

Shared SSL We provide you a shared SSL certificate for our *.r.worldssl.net domain for free and we enable it for your CDN service for free.
SNI SSL You provide us an SSL certificate for your domain and we enable it for your CDN service for free.
SNI LE SSL We provide you a custom SSL certificate (issued by the Let's Encrypt certificate authority) for your domain for free and we enable it for your CDN service for free.

Please refer to the notes below for more details.

Shared SSL

The steps are identical for both CDN Static and CDN Static Push services. The Shared SSL can be enabled during a CDN service creation (in advanced settings) or on the Services/Settings page.

How to enable Shared SSL

  • Enable Shared SSL - select "Enabled" from the Shared SSL select box.
  • Fill in "special" Service Domain - your Service Domain has to be of the format ONEWORD.r.worldssl.net, so for example mycompany.r.worldssl.net. No other formats are supported.
Create CDN

Custom SSL - SNI / SNI LE

The steps are identical for both CDN Static and CDN Static Push services.

How to enable SNI / SNI LE

  1. Create a CDN Static service with Shared SSL set to Disabled.
    2. Create CDN
  2. Go to Services → Certs.
  3. Select your desired SSL type and CDN service as in the picture below.
    Add SSL certificate - choose type
  4. (For SNI SSL only)
    • Please note that every SSL certificate contains a Common Name (CN) and alternatively also Subject Alternative Names (SANs). If you want to use your certificate for your CDN service then your CDN Service Domain must match your certificate Common Name or it must be contained in your certificate Subject Alternative Names. Please use our SSL certificate viewer to check your certificate details. If your CDN Service Domain would not match your certificate Common Name and also it would not be contained in your certificate Subject Alternative Names then browsers would throw an SSL error when accessing your CDN service via https://. In the following examples let's assume that your CDN Service Domain is static.mycompany.com.

      Examples

      CN:mycompany.com
      SANs:mycompany.com, www.mycompany.com
      You can not use this SSL certificate.
      CN:static.mycompany.com
      SANs:N/A
      You can use this SSL certificate.
      CN:mycompany.com
      SANs:mycompany.com, www.mycompany.com, static.mycompany.com
      You can use this SSL certificate.
      CN:*.mycompany.com
      SANs:N/A
      You can use this SSL certificate.
    • Please use our SSL certificate viewer to check your SSL certificate details and if your certificate matches your CDN service then on the Services / Certs page fill in your certificate in the PEM format. To avoid inserting unwanted white symbols (spaces, new lines, etc.) it is recommended to first copy-paste your certificate to a text editor and then copy-paste it from the editor to our form otherwise you can receive an error that the format of your certificate is not supported. Your certificate can be a single domain certificate or it can be a wildcard certificate. Make sure to fill in also all intermediate certificates required for a valid certificate chain. Append them below your certificate as in the following example. 
      -----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAJC1HiIAZAiIMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTExMjMxMDg1OTQ0WhcNMTIxMjMwMDg1OTQ0WjBF
C3Fayua4DRHyZOLmlvQ6tIChY0ClXXuefbmVSDeUHwc8YufRAERp2GfQnL2JlPUL
B7xxt8BVc69rLeHV15A0qyx77CLSj3tCx2IUXVqRs5mlSbq094NBxsauYcm0A6Jq
vA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
qJ6A0mcYuasxBN490qbSlm5sRqVXUI2xCt3jSLC77xyq0A51VHeLr96cVB8txx7B
LUPlJ2LnQfG2pREARfuY8cwHUeDSVmbfeuXXlC0YhCIt6QvlmLOZyHRD4auyaF3C
FBjW0QTO1gDMwMjMxITMNchW0QTO1gDMxMjMxETMNchHwQGdMBSe0BFIzRXanRWa
XBCdl5mclRnbJhBDKQQVDYwHwESMlRXY0NVLl12bTpADIQQVDYQEwMRMVFkATYAB
VNgBJAzCxUEMAUQBBEQD3bISGqSCG0AMIiAZAIiH1CJAJIgABIwAgWkACCTXDIAv
IM==
-----END CERTIFICATE-----
    • Fill in your certificate key in the non-encrypted format. You can use this online SSL certificate key matcher to check if your certificate and key match. 
      -----BEGIN PRIVATE KEY-----
Wbo6CjdgoKVCKGKD+iZGmwKBgQCUOdvnYwFln0zH3nXiboV/zVhCSWt8ujcTqyQ2
tMefgCt7XYjCjg7OehHHAfdjASTg9H7vv8iktK/glIno2yRY1ACZw1xqrnGK5Bid
wSwftoJRVnCSMHvXeax7HvLzM9oGkSM0xzwef+xNtbZyPgEffVWVkYLvycxmxcIu
YmKrKNa51G/ia73CSECCuVq4zKKRelMF6HW6AnTXAXVYhiej5rLwFE3zrB1tA/fn
kOFHmdqSpXvgJEWvhCuxE9QxXDuqSxW52h0WhPKyMpw9yCSw7dFR
-----END PRIVATE KEY-----
      Add SSL certificate
  5. Click on the Add Certificate button.
  6. That's all.

Notes

  • You can use this online SSL certificate checker to check if your certificate has been correctly installed.
  • Currently SNI LE SSL can be enabled only for CDN Static Push services, it can not be enabled for CDN Static services.
  • If you need to convert your SSL certificate from a non-PEM format to the (required) PEM format you can use this online SSL converter.
  • Read more about SNI SSL on the Wikipedia or check SNI Let's Encrypt example page.
  • There is a limit on number of requests to issue Let's Encrypt certificate - every account can request at most one Let's Encrypt certificate within 2 hours.
  • Please note that you can manage your SNI SSL certificates via our CDN API.

Contact Us

 _____     _    _     _  __  
|  __ \\  | || | ||  | |/ // 
| |  \ || | || | ||  | ' //  
| |__/ || | \\_/ ||  | . \\  
|_____//   \____//   |_|\_\\ 
 -----`     `---`    `-` --`