Introduction
Secure Sockets Layer (SSL) allows you to access CDN services over HTTPS protocol.
We provide the following four SSL solutions for our Nginx based CDN services: CDN Static, CDN Static Push and CDN HTTP Live.
Native SSL | We provide you a shared SSL certificate for our *.r.cdnsun.net domain for free and we enable it for your CDN service for free. |
---|---|
Shared SSL | We provide you a shared SSL certificate for our *.r.worldssl.net domain for free and we enable it for your CDN service for free. |
SNI SSL | You provide us an SSL certificate for your domain and we enable it for your CDN service for free. |
SNI LE SSL | We provide you a custom SSL certificate (issued by the Let's Encrypt certificate authority) for your domain for free and we enable it for your CDN service for free. |
Please refer to the Services/How-To section for more details.
Native SSL
Native SSL is activated automatically for all CDN Static, CDN Static Push and CDN HTTP Live services. You don't need to take any additional steps to enable Native SSL. Simply create your CDN service, and Native SSL will be activated automatically. It has the format https://NUMBER.r.cdnsun.net, so for example https://12345.r.cdnsun.net. Please refer to the Services/How-To section for more details.
Shared SSL
The steps are identical for CDN Static, CDN Static Push and CDN HTTP Live services. The Shared SSL can be enabled either during CDN service creation (found in advanced settings) or on the Services/Settings page.
How to enable Shared SSL
- Enable Shared SSL - select "Enabled" from the Shared SSL select box.
- Fill in "special" Service Domain - your Service Domain has to be of the format ONEWORD.r.worldssl.net, so for example mycompany.r.worldssl.net. No other formats are supported.
SNI / SNI LE SSL
The steps are identical for CDN Static, CDN Static Push and CDN HTTP Live services.
How to enable SNI / SNI LE
-
Create a CDN Static service
with Shared SSL set to Disabled.
- Go to Services → Certs.
-
Select your desired SSL type and CDN service as in the picture below.
- (For SNI SSL only)
-
Please note that every SSL certificate contains a Common Name (CN) and, alternatively, Subject Alternative Names (SANs). If you intend to use your certificate for your CDN service, your CDN Service Domain must match your certificate's Common Name or be included in its Subject Alternative Names. You can verify your certificate details using our SSL certificate viewer. If your CDN Service Domain does not match your certificate's Common Name and is not included in its Subject Alternative Names, browsers will throw an SSL error when accessing your CDN service via https://. In the following examples, let's assume that your CDN Service Domain is static.mycompany.com.
Examples
CN: mycompany.com SANs: mycompany.com, www.mycompany.com You can not use this SSL certificate. CN: static.mycompany.com SANs: N/A You can use this SSL certificate. CN: mycompany.com SANs: mycompany.com, www.mycompany.com, static.mycompany.com You can use this SSL certificate. CN: *.mycompany.com SANs: N/A You can use this SSL certificate. -
Please use our SSL certificate viewer to verify your SSL certificate details. If your certificate matches your CDN service, navigate to the Services / Certs page and input your certificate in PEM format. To prevent unintended white space symbols (such as spaces or new lines), it's advisable to first paste your certificate into a text editor and then copy-paste it into our form. This ensures that the format of your certificate is supported. Your certificate may be either a single-domain certificate or a wildcard certificate. Ensure that you also include all intermediate certificates necessary for a complete certificate chain, appending them below your certificate as illustrated in the following example.
-----BEGIN CERTIFICATE----- MIIF7zCCA9egAwIBAgIUPoIIvvvppIGsF9xZgJ6qQnVyQwEwDQYJKoZIhvcNAQEL BQAwgYYxCzAJBgNVBAYTAlhYMRIwEAYDVQQIDAlTdGF0ZU5hbWUxETAPBgNVBAcM CENpdHlOYW1lMRQwEgYDVQQKDAtDb21wYW55TmFtZTEbMBkGA1UECwwSQ29tcGFu eVNlY3Rpb25OYW1lMR0wGwYDVQQDDBRDb21tb25OYW1lT3JIb3N0bmFtZTAeFw0y NDAzMTAxNjM5MTdaFw0zNDAzMDgxNjM5MTdaMIGGMQswCQYDVQQGEwJYWDESMBAG -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- /f4G1mgUXQ37RNELDMBOiGbjdLjXTI3COfR4qj1O1d1iQ6JW1pfwo6BUyklZE4Dp ByZHRuguSgvBRiWCs2lK/wPUuN5ZfkodugzIjwUE2GeMoxsOyDBnNSTkXEJ83C7e oCoL+8YGbcchn+w/r+JKnHaPy7Vtm5S3T/TcYR0inMr4Fe/3fyzqX0pUDaj4GGZv +zzlPluDOYKbUF/3OiK5TCoiz6/WveOviI4nQ/TN79hICy9snxICMpHHhNfbXdPj -----END CERTIFICATE-----
-
Fill in your certificate key in the non-encrypted format. You can use this online SSL certificate key matcher to check if your certificate and key match.
-----BEGIN PRIVATE KEY----- MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDDV77lanoZ+b4c eQ+eaYNZozQYnKZB9g7CB3FO4U1DnLpTv4eszo+sRAk/G2rAqGUANe+oealTR0Mv v//V4Rpzfl+4BQHcpPMF1JpQsle+oy5xnuMETtSiz5KyB9JEU5TwhTVu7aZT4IjG FtmmJbwY9ATRYb6ZA5MUFnbZWuM29OjPadJH1TyWA67dT7a3koT9et2RlFtcJWt2 dF5T/mgkfPTj4wHJTgbufNtfi/p4eTO2Sz/2rp9r3tDMwirA0xbw/U3tihcqtv3o -----END PRIVATE KEY-----
-
- Click on the Add Certificate button.
- That's all.
Notes
- You can use this online SSL certificate checker to check if your certificate has been correctly installed.
- If you need to convert your SSL certificate from a non-PEM format to the (required) PEM format you can use this online SSL converter.
- Read more about SNI SSL on the Wikipedia or check SNI Let's Encrypt example page.
- There is a limit on number of requests to issue Let's Encrypt certificate - every account can request at most one Let's Encrypt certificate within 5 minutes.
- Please note that you can manage your SNI / SNI LE SSL certificates via our CDN API.