KeyCDN offers custom HTTPS CDN SSL integration for free. A Custom SSL is also known as Private SSL. This article is about how to get and deploy an SSL certificate (cert) for your own domain. If you already have an SSL certificate, you can use it and don’t need to order a new one. CDN Custom SSL is only needed if you want to use your CNAME in combination with HTTPS. KeyCDN also now offers free custom SSL with Let’s Encrypt.
HTTPS CDN SSL Overview
There are a few different certificates out there. Let’s summarize them quickly:
- Wildcard certificate: This cert is ideal if you have various subdomains and you want to have the flexibility to add more subdomains later on. The cert is valid for all subdomains (e.g. *.yourdomain.com)
- Subject Alternative Name (SAN) certificate: This cert suits best if you have some specific domains that won’t change often (e.g. cdn.domain-a.com / login.domain-a.com / assets.domain-b.com …). Every time you want to add a new (sub) domain, you need to re-issue the cert. This approach is recommended if you need more than one SSL enabled domain per zone.
- Standard certificate: This is the most common cert valid for a single domain e.g. valid for cdn.yourdomain.com.
All these certificates can be used for Custom SSL. All of them are handled the same way. The certificate you’re planning to use for content delivery needs to be valid an additional subdomain (e.g. cdn.yourdomain.com).
There are also some terms that you will stumble upon quite frequently during the Custom SSL deployment. Let’s elaborate on them as well:
- Certificate Signing Request (CSR): Only needed during the ordering process to issue the cert.
- Private Key / Certificate Key: This is the key for your certificate. Don’t share your private key with anyone except for us. We need the key in order to deliver traffic on behalf of your domain.
- Certificate (cert): This is the actual certificate: Use a certificate decoder if you don’t know anymore the details of your certificate.
- Certificate Authority (CA) Bundle: This certificate is also known as chain or intermediate certificate. You only need it if your certificate is not recognized by most common browsers. Contact us if you need to deploy a CA bundle.
How to Integrate Your CDN SSL Certificate?
There are only a few steps needed to get up and running with an HTTPS CDN using your custom SSL certificate.
- Login to the KeyCDN dashboard and start editing the zone.
- Take your existing certificate or order a new certificate. We recommend ordering a certificate from gogetssl.com or ssls.com if you don’t already have one. Follow the ordering process of the vendor. You normally have various validation options to choose from (DNS validation / HTML validation or email validation). They will email you your certificate
- Once you’ve gotten the certificate, go ahead and add the certificate and the private key to your zone as shown in the screen shot:
- You’re almost done. All you need to do now is creating a Zonealias (CNAME) that corresponds with the certificate (e.g. cdn.yourdomain.com). Please remember: The certificate needs to be issued for the Zonealias you add. Make sure you also update your DNS as you would do for any other Zonealias (CNAME).
That’s it! Happy content delivery with your new Custom SSL! For more advanced configurations please see the documentation on how to setup custom SSL.