Our website uses cookies to improve your user experience.
Read more
I accept
Attention
You have Cookie disabled in your browser. Displaying the site will be incorrect!
Contact
Resources
Partners
en ru de
Get started for free
en ru de
Back to blog

What is Origin SSL Certificate Verification

The G-Core Labs CDN uses advanced technology to protect and secure content delivery.

To enhance security, we’ve built an origin server authentication mechanism into the content retrieval process.

Why do I need an origin SSL certificate?

When configuring the protocol for interaction with the origin, you specify the protocol by which the CDN servers will contact the origin for content. You can decide whether the connection should be encrypted (HTTPS) or not (HTTP).

What is Origin SSL Certificate Verification

If HTTPS is selected, cache servers will access and receive content from the origin over HTTPS. This process is encrypted but it doesn’t protect against man-in-the-middle attacks because, by default, the cache server doesn’t check whether the responding server belongs to the client when requesting content.

What is Origin SSL Certificate Verification
Man-in-the-middle attack scheme

To ensure the security of the transmitted data, use the “Validate origin using SSL” option.

This option also allows clients to check the validity of requests from our cache servers without using a list of IP addresses and constantly updating it.

How does it work?

You specify the PEM-encoded public part of the X.509 digital certificate in our system. The other part of the certificate is stored on your origin server. Each certificate in the system is assigned its own identifier, and this information is stored on each CDN server. You can request information about a certificate (or about all certificates available in the system) and change its name at any time.

What is Origin SSL Certificate Verification
Origin server validation scheme

  1. When a request comes from a user, the cache server contacts the origin server for access to protected information.
  2. In response, the origin server provides its X.509 certificate.
  3. The cache server checks the digital signature of the public key in the system.
  4. If successful, the cache server sends its certificate to the origin server.
  5. The origin server verifies the received certificate in the same way.
  6. If this check is also successful, the origin server provides access to protected information.
  7. The CDN fetches content from the origin server and caches it for transmission to the user.
  8. If certificate verification fails, the cache server automatically rejects the request and doesn’t send data to an unverified server.

How do I enable this feature?

For now, this feature can only be enabled via API.

Enable feature
Subscribe to a useful newsletter

Favorable offers and important news once a month. No spam

Subscribe to a useful newsletter

Favorable offers and important news once a month. No spam.

FacebookLinkedInYouTubeWeiboTwitterInstagram
Made in Luxembourg Association of the internet industry World Records Guinness

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Viza Mastercard Viza Mastercard PayPal

G‑Core Labs S.A. © 2015–2020 All rights reserved. Principal place of business and postal address: 2А Rue Albert Borschette, 1246 Luxembourg