By default, HTTPS uses one-way authentication: the client verifies the server's identity. CDN supports client certificate authentication, allowing the server to verify the client using a custom Certificate Authority (CA) certificate. This enables mutual authentication and improves communication security. This topic explains how to enable and configure client certificate authentication.
Before you start
You have enabled and configured HTTPS certificates.
You have a custom Client CA Certificate.
Procedure
Log on to the CDN console.
In the left navigation pane, click Domain Names.
On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column.
In the left navigation pane for the domain name, click HTTPS.
Enable Client Certificate Authentication and paste your Client CA Certificate.
Paste your certificate (including the public key). Its format must meet the following requirements:
It must start with
-----BEGIN CERTIFICATE-----and end with-----END CERTIFICATE-----.Each line must contain 64 characters, except the last line, which can be shorter.
Click OK.
After you enable Client Certificate Authentication, CDN checks the validity of client certificate when a client sends an HTTPS request to access a resource. Access is granted only if the certificate is valid. Otherwise, the request is denied