When Dynamic Content Delivery Network (DCDN) points of presence (POPs) connect to origin servers over HTTPS, the system compares common names in the certificates that are returned by the origin servers with Server Name Indication (SNI) values that are included in client requests. You can enable the common name whitelist feature and add SNIs to the common name whitelist. This way, DCDN POPs can connect to origin servers.
Background information
A common name refers to a specific website domain name that is used to apply for a Secure Sockets Layer (SSL) certificate. The following figure shows that a client request is rejected when the SNI value that is included in the request does not match the common name in the certificate that is returned by the origin server. As a result, the DCDN POP fails to connect to the origin server over HTTPS. If you enable the common name whitelist feature and add domain2 to the common name whitelist, the DCDN POP can connect to the origin server over HTTPS.
Procedure
- Log on to the DCDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the domain name that you want to manage and click Configure in the Actions column.
- In the left-side navigation pane of the domain name, click Origin Fetch.
- On the Origin Fetch tab, find Common Name Whitelist - Beta and turn on Status.
- Enter the domain name that you want to add to the common name whitelist. Note You can enter multiple domain names. Separate the domain names with commas (,). Example:
example.com,example.org,example.net
. - Click OK.