What should I do if the HTTPS certificate on the CDN conflicts with the certificate on the origin server?

If the HTTPS certificate on your Content Delivery Network (CDN) conflicts with the certificate on your origin server, it can lead to security warnings and potential security risks for your users. Here’s what you should do:

  1. Check Certificate Details: Ensure that both the CDN and the origin server are using certificates that are issued by trusted Certificate Authorities (CAs) and that they are not expired or self-signed.

  2. Compare Certificates: Compare the details of the certificates on both the CDN and the origin server to identify any discrepancies, such as different issuers, expiration dates, or domain names.

  3. Update Certificates: If there are discrepancies, you will need to update one or both certificates to ensure they match. This might involve renewing a certificate, updating the domain name, or changing the CA.

  4. Configure CDN to Use Origin Certificate: If you prefer to use the certificate from your origin server, you can configure your CDN to use the origin server’s certificate instead of its own. This is often possible through the CDN provider’s control panel.

  5. Use a Unified Certificate: For simplicity and to avoid conflicts, consider using the same certificate across both your CDN and origin server. This can be achieved by issuing a certificate that covers both domains (e.g., using a wildcard or multi-domain certificate).

  6. Test Configuration: After making changes, thoroughly test your configuration to ensure that the certificates are correctly applied and that there are no security warnings or errors.
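The checks in steps 1, 2 and 6 can be scripted. The following Python sketch is an added example, not part of the original page: the function names, the `example.com` hostnames and the two sample certificates are constructed for illustration. `fetch_cert` uses Python's default TLS verification, so an expired, self-signed or otherwise untrusted certificate fails the handshake with an error; `compare` then lists the discrepancies named in step 2.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample data in the dict shape that ssl's getpeercert() returns.
CDN_CERT = {"issuer": ((("organizationName", "Example CA A"),),),
            "notAfter": "Mar  1 00:00:00 2031 GMT",
            "subjectAltName": (("DNS", "*.example.com"),)}
ORIGIN_CERT = {"issuer": ((("organizationName", "Example CA B"),),),
               "notAfter": "Jan  1 00:00:00 2020 GMT",
               "subjectAltName": (("DNS", "origin.example.net"),)}
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed evaluation time

def fetch_cert(host, sni, port=443):
    """Connect to host, send sni as the TLS server name, return the verified leaf cert."""
    ctx = ssl.create_default_context()  # trusted-CA chain and hostname checks enabled
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()

def issuer(cert):
    return ", ".join(f"{k}={v}" for rdn in cert.get("issuer", ()) for k, v in rdn)

def expiry(cert):
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)

def covers(cert, hostname):
    """True if a DNS SAN matches hostname exactly or via a one-label wildcard."""
    names = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    wildcard = "*." + hostname.lower().partition(".")[2]
    return hostname.lower() in names or wildcard in names

def compare(cdn, origin, site, origin_host, now=None):
    """List discrepancies between the CDN-facing and origin certificates."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for label, cert, host in (("cdn", cdn, site), ("origin", origin, origin_host)):
        if expiry(cert) <= now:
            findings.append(f"{label}: expired")
        if not covers(cert, host):
            findings.append(f"{label}: no SAN for {host}")
    if issuer(cdn) != issuer(origin):
        findings.append("issuer differs")
    if expiry(cdn) != expiry(origin):
        findings.append("expiry differs")
    return findings

if __name__ == "__main__":
    for line in compare(CDN_CERT, ORIGIN_CERT, "www.example.com", "origin.example.com", NOW):
        print(line)
```

Against live endpoints, pass the results of `fetch_cert(cdn_host, site)` and `fetch_cert(origin_host, origin_host)` to `compare` in place of the sample dictionaries.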

Example: Suppose your website uses a CDN to deliver content. The CDN has its own certificate, but you want to use a certificate from your origin server because it includes additional security features. You would need to update the CDN configuration to use the origin server’s certificate. This might involve uploading the certificate and private key to the CDN provider’s control panel and configuring the CDN to use these credentials for HTTPS connections.

Recommendation: If you are using Tencent Cloud, you can manage your certificates through the Tencent Cloud Certificate Management (TCM) service. TCM allows you to upload your own certificates or request new ones, and you can easily bind these certificates to your CDN services to ensure secure and consistent HTTPS connections.