If your origin IP address is bound to multiple domains, you must set a Server Name Indication (SNI) value to ensure that the Dynamic Route for CDN (DCDN) node can access your origin server over HTTPS.

Background information

SNI is an extension of Transport Layer Security (TLS) by which a client determines which hostname it is attempting to connect to at the beginning of the handshake process. This allows a server to present multiple certificates on the same IP address and TCP port. In this way, multiple HTTPS websites (or any other service over TLS) that have different certificates can be served by the same IP address.

If your origin server uses one IP address to provide HTTPS service for multiple domains and you have specified port 443 for DCDN to communicate with the origin server, you must set an SNI value to specify the requested domain. This way, when a DCDN node accesses your origin server over HTTPS, the server returns the correct certificate of the requested domain.
Note If your origin is an Alibaba Cloud Object Storage Service (OSS) bucket, you do not need to set an SNI value.
The following figure shows how SNI works.How SNI works
  1. The DCDN node sends an HTTPS access request to the origin server. The requested domain is included in SNI.
  2. After the origin server receives the request, it returns the certificate of the requested domain to the DCDN node.
  3. After the DCDN node receives the certificate, it establishes a secure connection to the origin server.

Procedure

  1. Log on to the DCDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the domain name that you want to manage, and click Configure in the Actions column.
  4. In the left-side navigation pane on the details page of the specified domain, click Origin Fetch.
  5. On the Origin Fetch tab, find Origin SNI.
  6. Turn on Origin SNI, and enter the name of the domain to be requested.
    In Alibaba Cloud DCDN, SNI specifies a domain name of your origin server. If your origin server uses one IP address to provide HTTPS services for multiple domains, you must set an SNI value to specify the requested domain name, for example, cdn.console.aliyun.com.Origin SNI
  7. Click OK.