Welcome to WebmasterWorld Guest from 54.225.57.230

Forum Moderators: open

Message Too Old, No Replies

SSL & CDN

     
12:40 pm on Sep 25, 2017 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator ianturner is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 19, 2001
posts: 3645
votes: 48


How do the two work together?

My thoughts are that the two should really be incompatible as the SSL certificate should be telling the user that they have connected to the correct source for the information that they are looking up.

Does a CDN deliver a cached copy of the encrypted pages?
4:28 pm on Sept 25, 2017 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Apr 20, 2017
posts:334
votes: 73


Does a CDN deliver a cached copy of the encrypted pages?

I don't think so.

First of all, and if I don't make mistake, the encryption is different from one client to another. Clients do not handle the same cipher suite necessarily.
9:25 am on Sept 28, 2017 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator ianturner is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 19, 2001
posts: 3645
votes: 48


That was my thinking too - but there must be a way that you can use a CDN with a secure site. Otherwise CDN would be becoming obsolete instead of gaining traction.
10:17 am on Sept 28, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1908
votes: 300


Technically, the pages themselves aren't encrypted. Only the data traveling across the wire is. It's just like your browser's cache: a file may be downloaded to it securely via HTTPS, but it will be stored in cache in its original form. Browse your cache and you'll only find original files.

Multiple servers can serve the same or even different certificates for the same domain, but usually your server and the CDN serve requests from different domains. For example, your CDN will listen on www.example.com (publicly available), and your own server on source.example.com (privately available for the CDN). If the CDN receives a request on www.example.com for a file it doesn't (or is not allowed to) have cached, it will connect to source.example.com to pull the file (connection A: CDN <-> your server), then store it in its cache (again, if allowed) and forward it to the user (connection B: user <-> CDN). This is the same principle for HTTP and HTTPS, but both domains obviously require a valid certificate if you want both connections to be secured over HTTPS. In the end, though, the files themselves don't change from one server to the other.