Troubleshooting HTTPS Setup

Purpose

The purpose of this procedure is to check for common issues when setting up our CDN service for HTTPS data delivery.

TLS Certificate

A TLS certificate is required for HTTPS data delivery. TLS certificate setup varies according to whether your account has been upgraded to use our Certificate Provisioning System. If you are still using our legacy HTTPS solution, please review the following checklist.

Checklist:

Verify that either of the following items was provided to your CDN account manager:

  • Authorization to purchase a TLS certificate.
  • An existing TLS certificate.

Verify the accuracy of the supporting information provided with the above request:

Fully Qualified Domain Name or wildcard domain

Platform

Verify with your account manager that the TLS certificate has been deployed on the CDN.

Edge CNAME

An edge CNAME configuration is required for HTTPS data delivery .

Checklist:

Verify that the edge CNAME configuration meets the following requirements:

  • Platform: An edge CNAME configuration must be created on the platform specified during TLS certificate submission.
  • Hostname: It must point to the hostname defined in the TLS certificate.
  • Origin Server: It should point to the desired origin server.

Verify that an hour has elapsed since setting up or modifying the above edge CNAME configuration.

Customer Origin Configuration

The customer origin selected in the edge CNAME configuration must be properly configured to support HTTPS delivery.

Checklist:

Customer Origin Group: Verify that your origin entries have been configured to use the HTTPS Only mode. the HTTPS Edge Protocol option has been enabled and configured on the desired customer origin configuration.

Customer Origin - Legacy: Verify that the HTTPS Edge Protocol option has been enabled and configured on the desired customer origin configuration.

DNS

A CNAME record for the hostname defined in the TLS certificate is required for HTTPS data delivery. This step must be performed from your DNS service provider.

Checklist:

Verify that a CNAME record points the desired hostnameIdentifies the hostname to which requests will be directed. This hostname is defined in the TLS certificate and in the New Edge Cname option. Example: cname.mydomain.com to the proper CDN hostnameThis hostname, which is used internally by the CDN service to route requests to a specific TLS certificate, is provided by your CDN account manager..

  • Multiple TLS Certificates: There is no guarantee that all of your TLS certificates will be placed on the same hostname. Therefore, it is important to keep track of the hostnames associated with each TLS certificate.

Dig

Use Dig to verify the DNS configuration for the hostname defined in the edge CNAME configuration.

Checklist:

Dig the hostnameIdentifies the hostname to which requests will be directed. This hostname is defined in the TLS certificate and in the New Edge Cname option. Example: cname.mydomain.com associated with the edge CNAME configuration.

Verify that the edge CNAME's hostname points to the hostname defined in the welcome letter for TLS.