When Dynamic Route for CDN (DCDN) nodes connect to origin servers over HTTPS, the system compares common names in the certificates returned by the origin servers with Server Name Indication (SNI) values included in client requests. To pass the origin certificate verification and connect the DCDN nodes to the origin servers, you can enable and configure the common name whitelist feature.

Background information

A common name refers to the specific website domain name that is used to apply for a Secure Sockets Layer (SSL) certificate. The following figure shows that a client request is rejected when the SNI value included in the request does not match the common name in the certificate returned by the origin server. As a result, the DCDN node fails to connect to the origin server over HTTPS. However, if you enable the common name whitelist feature and add domain2 to the common name whitelist, the DCDN node can connect to the origin server over HTTPS.Diagram for the common name

Procedure

  1. Log on to the DCDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Configure page, find the domain name that you want to manage and click Domain Names in the Actions column.
  4. In the left-side navigation pane on the details page of the specified domain name, click Origin Fetch.
  5. On the Origin Fetch tab, find Common Name Whitelist--Beta, and turn on the Status switch.
  6. Enter the domain name that you want to add to the common name whitelist.
    Note You can enter multiple domain names and separate them with commas (,). For example, you can enter a.com,b.com,c.com.
  7. Click OK.