Edge Security Acceleration:Configure a common name whitelist

Background information

Common Name (CN) refers to the domain name for which an SSL certificate is issued. When DCDN nodes connect to an origin server over HTTPS, the system verifies the SNI in the client request against the CN in the certificate returned by the origin server. If the SNI does not match the CN, the request is rejected and DCDN nodes cannot establish HTTPS connections with the origin server.

For example, if a client request carries domain2 as the SNI but the origin server certificate is issued to domain1, the connection fails. If you enable the Common Name whitelist feature and add domain2 to the whitelist, DCDN nodes can bypass the strict CN matching and successfully establish HTTPS connections with the origin server.

Prerequisites

This feature is not available by default. You must submit a ticket to request that this feature be enabled for the required domain names.

Procedure

1. Log on to the DCDN console.

2. In the left-side navigation pane, click Domain Names.

3. On the Domain Names page, find the target domain name and click Configure in the Actions column.

4. In the left-side navigation pane of the domain name, click Origin Fetch.

5. On the Origin Fetch tab, find Common Name Whitelist and turn on the Status switch. A domain name input area appears after the switch is turned on.

6. In the input area, enter the domain names that you want to add to the Common Name whitelist.

   Note

   You can enter multiple domain names separated by commas (,). Example: example.com,example.org,example.net.

7. Click OK.

   The page returns to the Origin Fetch configuration list. The Common Name Whitelist status displays as enabled, and the configured domain names appear in the whitelist.