This is part three of our Five Advanced CDN Configurations for the Serious User blog series.
Server Name Indication, or SNI, is a method by which clients such as web browsers can securely designate the domain that they are attempting to access before completing the SSL handshake. That means that custom SSL certificates can be used on a multi-tenant system like Highwinds CDN without having to consume scarce dedicated IPv4 address space, a necessity for a truly scalable, secure web.
Some CDNs only offer security via a wildcard certificate and via dedicated IP with custom certificates. However, it would be ideal if the CDN utilizes full SNI support. That means customers can genuinely secure the traffic of their own domains in a cost effective manner and without having to rely on a shared certificate.
Speaking of certificates, you should look for a CDN that employs a fully-encrypted configuration queue on top of real-time configuration capabilities. In turn, it will help expose end points in both its management portal and RESTful API (representational state transfer) to securely consume customer certificates and deliver them to the global PoP (points of presence) footprint with no human interaction and with sub-second completion times.
Some of the many benefits of protecting content with SNI and certificates include:
✔ End users can safely and privately validate against your certificates on any host configurations you’ve defined.
✔ You can update certificate frequency as often as you like.
✔ It will be worry-free if you have a short time-to-live on your certificate.
✔ You can manage any given number of certificates.
✔ Moving to a 100% SSL web is the future. That means it’s more secure, and just as performant, without being harder to use.
Most CDNs do not offer a 100% SSL footprint. However, choosing a CDN that has HTTPS available in every CDN PoP, you will be able to enjoy full SNI support and other certificate management features.