HTTPS ensures secure communication over the Internet. We offer three options when it comes to an SSL CDN: Shared SSL, Custom SSL with your own certificate, and custom SSL with Let’s Encrypt. All methods offer the same security standard and come for free! Yes, even Custom SSL comes for free if you bring your own certificate.
Shared SSL CDN
Shared SSL is ideal to get started within minutes. You only need to enable the option in the dashboard and you’re ready to go. Simply use HTTPS when you request files from our CDN.
Why You Need a Custom?
Custom SSL only makes sense if you use CNAMES (Zonealiases). It’s a convenient way to use CNAME in combination with SSL. Using a zonealias and or custom CDN URL can be benefical for both branding and SEO.
Custom SSL with Certificate
You can either send us your existing certificate or we can issue a certificate. Custom SSL is completely free if you bring your own certificate! Other CDNs charge as much as $7200/year for Custom SSL. Beside a normal certificate, you can also send us wildcard or SAN certificates. In this case you can maintain several CNAMEs if your certificate supports it. Make sure that you update your DNS before you start using your CNAMEs. Our Custom SSL is based on SNI.
Custom SSL with Let’s Encrypt Integration
KeyCDN also has an integration with Let’s Encrypt in which you can use custom SSL for free. It offers domain validated certificates. To enable follow the steps below.
- Navigate to your zone’s advanced settings in the KeyCDN dashboard by going to Zones → Manage → Edit → and select Show Advanced Features.
- Scroll down to the SSL section and from the drop-down list select the LetsEncrypt option.
Overview of SSL CDN certificates
|TOPIC||SHARED SSL||CUSTOM SSL||Let’s Encrypt|
|Deployment||Instantly available||Deployment within a day||Instantly available|
|Validity||Valid for one zone||Valid for one or more CNAMEs||Valid for one zone|
|Action steps on your side||None||Send us your certificate if you want to use your own.Update your DNS!||None|
|Cost||Free||Free of charge if you bring your certificate!||Free|
In case you bring your own certificate, please make sure it’s valid for at least one year. You can easily check the validity of your certificate with the following command on a unix machine:
openssl x509 -in certificate.crt -text -noout
Alternatively you can check the expiry date of your custom certificate on a site like Certificate Decoder.
Shared SSL is good enough in most cases but as soon as CNAMEs come into play you might consider a Custom SSL CDN. We’re happy to support you during the setup. Let us know if you have questions!
- Why You Should Be Establishing SSL Trust For Your Business