If your origin IP address is bound to multiple domains, you must set a Server Name Indication (SNI) value to ensure that the CDN node can access your origin server over HTTPS.
SNI is an extension of Transport Layer Security (TLS) by which a client determines which hostname it is attempting to connect to at the beginning of the handshake process. This allows a server to present multiple certificates on the same IP address and TCP port. In this way, multiple HTTPS websites (or any other service over TLS) that have different certificates can be served by the same IP address.
- The CDN node wants to access the origin server over HTTPS. The requested domain is included in SNI.
- After the origin server receives the request, it sends the certificate of the requested domain to the CDN node.
- After the CDN node receives the certificate, it establishes a secure connection to the origin server.
- Log on to the Alibaba Cloud CDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the target domain name and click Manage.
- In the left-side navigation pane of the specified domain, click Back-to-origin.
- In the Origin SNI section, click Modify.
- Turn on Origin SNI, and enter the name of the domain to be requested.
In Alibaba Cloud CDN, SNI specifies a domain name of your origin server. If your origin server uses one IP address to provide HTTPS services for multiple domains, you must set an SNI value to specify the requested domain name.
- Click OK.