
Edge Security Acceleration: Configure a common name whitelist

Last Updated: Aug 14, 2024

When Dynamic Content Delivery Network (DCDN) points of presence (POPs) connect to origin servers over HTTPS, the system compares the common name in the certificate that the origin server returns with the Server Name Indication (SNI) value that is included in the client request. You can enable the common name whitelist feature and add SNIs to the whitelist so that DCDN POPs can connect to origin servers.

Prerequisites

The common name whitelist feature is enabled. By default, it is unavailable to external users. To use the feature, submit a ticket.

Background information

A common name refers to a specific website domain name that is used to apply for a Secure Sockets Layer (SSL) certificate. The following figure shows that a client request is rejected when the SNI value that is included in the request does not match the common name in the certificate that is returned by the origin server. As a result, the DCDN POP fails to connect to the origin server over HTTPS. If you enable the common name whitelist feature and add domain2 to the common name whitelist, the POP can connect to the origin server over HTTPS.

[Figure: Common Name diagram]

Procedure

  1. Log on to the DCDN console.

  2. In the left-side navigation pane, click Domain Names.

  3. On the Domain Names page, find the domain name that you want to manage and click Configure in the Actions column.

  4. In the left-side navigation tree of the domain name, click Origin Fetch.

  5. On the Origin Fetch tab, find Common Name Whitelist - Beta, and turn on Status.

  6. Enter the domain name that you want to add to the common name whitelist.

    Note

    You can enter multiple domain names. Separate the domain names with commas (,). Example: example.com,example.org,example.net.

  7. Click OK.
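
The check described under Background information, modeled locally so you can see which certificate common names would need a whitelist entry before you fill in step 6. This is an added example, not Alibaba Cloud's code: the function names, the sample hosts and certificates, and the exact-match rule (accept when the common name equals the SNI or is in the whitelist) are assumptions.

```python
# Added example: a local model of the comparison, not Alibaba Cloud's code.

def normalize(name):
    """Lower-case a DNS name and drop a trailing dot before comparing."""
    return name.strip().lower().rstrip(".")

def parse_whitelist(value):
    """Split the comma-separated console input (step 6) into a set of names."""
    return {normalize(n) for n in value.split(",") if n.strip()}

def common_name(cert):
    """Subject CN from a dict shaped like ssl.SSLSocket.getpeercert()."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return normalize(value)
    return None

def origin_fetch_allowed(sni, cert, whitelist):
    """Assumed rule: accept if the CN equals the SNI or the CN is whitelisted."""
    cn = common_name(cert)
    return cn is not None and (cn == normalize(sni) or cn in whitelist)

def missing_entries(origins, whitelist):
    """CNs that would still have to be whitelisted for every fetch to pass."""
    return sorted({common_name(cert) for sni, cert in origins
                   if common_name(cert)
                   and not origin_fetch_allowed(sni, cert, whitelist)})

def cert_with_cn(cn):
    """Build a constructed certificate dict carrying only a subject CN."""
    return {"subject": ((("commonName", cn),),)}

# Constructed sample data: (SNI in the client request, origin certificate).
ORIGINS = [
    ("www.example.com", cert_with_cn("www.example.com")),       # CN == SNI
    ("static.example.com", cert_with_cn("origin.example.org")),  # whitelisted
    ("api.example.com", cert_with_cn("backend.example.net")),    # rejected
]
WHITELIST = parse_whitelist("origin.example.org, Example.NET")

if __name__ == "__main__":
    for sni, cert in ORIGINS:
        verdict = "ok" if origin_fetch_allowed(sni, cert, WHITELIST) else "REJECTED"
        print(f"{sni:20} CN={common_name(cert):22} {verdict}")
    print("add to whitelist:", ",".join(missing_entries(ORIGINS, WHITELIST)))
```

Each whitelisted name is one more certificate identity that is accepted for a request whose SNI it does not match, so the list is best limited to origin names you operate.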