What is Origin SSL Certificate Verification

Products

CDN & DNS
Cloud Computing & Bare Metal
Video Streaming
Containers & Middleware
Virtual & Dedicated Servers
Security & DDoS Protection
Cloud Storage
Infrastructure & Networking
Hybrid Cloud
Monitoring & Logging
Custom Services

Product Components

CDN Global content delivery network.
Free CDN Entry-level plan for CDN user.
Video CDN Video delivery without delays or buffering anywhere in the world.
DNS Fast DNS servers around the world.

Features & Pricing

Features Top-notch technologies for the fastest content delivery.
Network Design The key parameters of our powerful network.
What Is CDN The basics of global content delivery.
Pricing Plans for any purpose.

Product Components

Cloud Virtual data center with flexible management and built-in platform services.
Virtual Instances Deployment and scaling of projects in just a few clicks.
Bare Metal Powerful physical servers with unlimited access.
AI-Infrastructure Special infrastructure to accelerate machine learning.
Private Cloud Your own cloud networks.
Apps Marketplace Access ready systems and applied services, or suggest your own product.

Features & Pricing

Cloud Calculator Cloud services cost estimation.

Product Components

Streaming Platform Support for all stages of broadcasting from creating and capturing videos, to playback.
Live Streaming Low latency streaming to 1,000,000+ viewers.
Group Video Calls Real-time communication inside your web, iOS and Android apps.
Computer Vision Objects recognition and video analysis based on machine learning.

Features & Pricing

Streaming Features The complete list of functions for improving video online.
HESP High-Efficiency Streaming Protocol for delivering video low latency, low bandwidth, at scale.
WebRTC Ultra-low latency streaming at scale.
Demo & Examples Live demo and integration examples.
Pricing & Calculator Plans for any purpose and cost estimation calculator.

Product Components

Managed Kubernetes Container management, scaling, and updating with automation.
Functions (FaaS) Simplified cloud deployment with out-of-the-box functions describing the business logic of applications.

Product Components

Hosting A variety of configurations in certified data centers around the world.
Virtual Servers VDS with excellent global connectivity.
Dedicated Servers Powerful servers around the world.
GPU Dedicated Servers Servers with powerful graphics cards for processing.
ISPmanager Licenses Choose control panel version.
SSL Certificates Choose an appropriate SSL certificate.

Features & Pricing

Upgrade Options IPs, VLAN, BGP, LACP.
Internet Options Internet connectivity plans
Looking Glass Connectivity test.
Virtual Server Configurator Hosting cost estimation.
Dedicated Server Configurator Hosting cost estimation.

Product Components

DDoS Protection All-in-one protection against complex cyberattacks.
Server Protection Protection of your infrastructure in our data centers.
Web Protection Real-time detection and mitigation of different types of non-standard traffic.
WAF Advanced protection against popular threats listed in the OWASP Top 10.
Bot Protection Effective prevention of parsing, fraud, and theft of personal data.

Features & Pricing

Pricing Plans for any purpose.

Product Components

S3/SFTP Storage Storing your data on our servers in Europe, the USA, and Asia.

Features & Pricing

Pricing Plans for any purpose.

Product Components

Load Balancers Availability of web applications during traffic bursts.

Product Components

Data Migration Move to our cloud quickly and without data loss.
Disaster Recovery Protection of your business IT infrastructure from downtime in the event of failures and crashes.

Product Components

Log Service Collect and analyze all project logs in a single repository.

Product Components

Premium Support 24/7 competent and friendly support.
Software Development Full-cycle development without the need to hire programmers.
IT Infrastructure Management Faster growth without investing in infrastructure.
Penetration Testing IT infrastructure and web applications trial for penetration

Why do I need an origin SSL certificate?

When configuring the protocol for interaction with the origin, you specify the protocol by which the CDN servers will contact the origin for content. You can decide whether the connection should be encrypted (HTTPS) or not (HTTP).

What is Origin SSL Certificate Verification

If HTTPS is selected, cache servers will access and receive content from the origin over HTTPS. This process is encrypted but it doesn’t protect against man-in-the-middle attacks because, by default, the cache server doesn’t check whether the responding server belongs to the client when requesting content.

Man-in-the-middle attack scheme

To ensure the security of the transmitted data, use the “Validate origin using SSL” option.

This option also allows clients to check the validity of requests from our cache servers without using a list of IP addresses and constantly updating it.

How does it work?

You specify the PEM-encoded public part of the X.509 digital certificate in our system. The other part of the certificate is stored on your origin server. Each certificate in the system is assigned its own identifier, and this information is stored on each CDN server. You can request information about a certificate (or about all certificates available in the system) and change its name at any time.

Origin server validation scheme

When a request comes from a user, the cache server contacts the origin server for access to protected information.

In response, the origin server provides its X.509 certificate.

The cache server checks the digital signature of the public key in the system.

If successful, the cache server sends its certificate to the origin server.

The origin server verifies the received certificate in the same way.

If this check is also successful, the origin server provides access to protected information.

The CDN fetches content from the origin server and caches it for transmission to the user.

If certificate verification fails, the cache server automatically rejects the request and doesn’t send data to an unverified server.

What is Origin SSL Certificate Verification

Why do I need an origin SSL certificate?

How does it work?

How do I enable this feature?