
I have a website running on a domain (e.g. site.com). I have an additional domain (e.g. sitecdn.com) which basically points to Amazon CloudFront for delivery. Amazon CloudFront in turn basically fetches the data from the main domain (site.com). I use this setup primarily to have multiple subdomains of my sitecdn.com point to assets via the CDN.

The main website has an SSL certificate, and I intend to put all assets served from the CDN as https links only. Something like

<img src="https://img.sitecdn.com/image.jpg" />

I'm a little confused whether I need an SSL for my CDN domain. In CloudFront I can set the setting to allow both https and http traffic.

Do I need an SSL certificate for this? If yes, then where do I install the SSL certificate, since I don't have a server for sitecdn.com?

hashpipe

2 Answers

0

Yes, you do, and you'll need it on the img.sitecdn.com server. Anywhere you want to use an HTTPS URL, the server(s) responsible for serving that site will need a certificate; preferably, a properly-signed certificate.

If you use a self-signed certificate, most browsers will complain about elements loaded from sitecdn.com when loading the https://site.com page.

If you serve those elements under http, most browsers will complain about the mixed-security mode when loading the https://site.com page.

Edit: serving HTTPS content from a cloud of servers is quite an undertaking, and yes, afaik it would involve installing an HTTPS key/certificate pair on every server that might be called on to provide that service. If I were you, I wouldn't bother to do that, but instead serve all the content from the site.com server.

MadHatter
  • Thanks, but I don't have a server for sitecdn.com. I just point it to a CloudFront distribution. How could we include CloudFront in the mix then? Statically host sitecdn.com (with the cert), and then point each subdomain to CloudFront? Or totally get rid of the sitecdn.com domain, and run everything from the main site (& subdomains)? Any simpler workaround to this? – hashpipe Oct 18 '12 at 07:35
  • Thanks @MadHatter, better to serve everything from one place only then. – hashpipe Oct 18 '12 at 12:50
0

With HTTPS, Amazon CloudFront only supports using the cloudfront.net hostname assigned to you. So you won't be able to use your own domain name anyway; you'll have to use https://whatever.cloudfront.net/resource.jpg instead.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
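
The two failure modes described in the answers above (HTTP assets on an HTTPS page, and an HTTPS hostname that the presented certificate does not cover), as an added example that is not part of the original posts. The HTML, the `js.sitecdn.com` host and the certificate names (a `*.cloudfront.net` wildcard presented for both hosts) are constructed assumptions; `audit` and `name_matches` are hypothetical helper names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page, assumed to be served from https://site.com
PAGE = """
<img src="https://img.sitecdn.com/image.jpg" />
<script src="http://js.sitecdn.com/app.js"></script>
<img src="https://whatever.cloudfront.net/resource.jpg" />
"""

# Assumption: certificate names each HTTPS host presents (constructed, not measured).
CERT_NAMES = {
    "img.sitecdn.com": ["*.cloudfront.net"],
    "whatever.cloudfront.net": ["*.cloudfront.net"],
}

class SubresourceCollector(HTMLParser):
    """Collect URLs of assets the browser loads automatically."""
    # <link> is treated as a stylesheet reference in this simplified example.
    ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        self.urls += [v for k, v in attrs if k == wanted and v]

def name_matches(pattern, host):
    """Certificate name match: '*' stands for exactly one leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(html, cert_names):
    """Return (url, problem) pairs for subresources of an HTTPS page."""
    collector = SubresourceCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        parts = urlsplit(url)
        if parts.scheme == "http":
            findings.append((url, "mixed content"))
        elif parts.scheme == "https":
            names = cert_names.get(parts.hostname, [])
            if not any(name_matches(n, parts.hostname) for n in names):
                findings.append((url, "certificate name mismatch"))
    return findings
```
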