Secure Delivery
Use HTTPS to securely deliver content from an edge server to the end user.
Note: The following protocols are supported by the edge servers: TLS1.0, TLS1.1, TLS1.2. SSLv2, SSLv3, and RC4 (refer to RFC7465) are not supported.
Certificates for Origin Servers
If you use a virtual server or a load balancer as your origin server, you must provide a certificate that links with the certificates shown in the table below.
| Common Name | Expiry Date | SHA-1 Fingerprint |
|---|---|---|
| AddTrust External CA Root | May 30 2020 | 02faf3e291435468607857694df5e45b68851868 |
| AffirmTrust Commercial | December 31 2030 | f9b5b632455f9cbeec575f80dce96e2cc7b278b7 |
| AffirmTrust Networking | December 31 2030 | 293621028b20ed02f566c532d1d6ed909f45002f |
| AffirmTrust Networking | May 29 2029 | 5f3b8cf2f810b37d78b4ceec1919c37334b9c774 |
| AffirmTrust Premium | December 31 2040 | d8a6332ce0036fb185f6634f7d6a066526322827 |
| AffirmTrust Premium | September 30 2023 | 36b12b49f9819ed74c9ebc380fc6568f5dacb2f7 |
| America Online Root Certification Authority 2 | September 29 2037 | 85b5ff679b0c79961fc86e4422004613db179284 |
| Baltimore CyberTrust Root | May 13 2025 | d4de20d05e66fc53fe1a50882c78db2852cae474 |
| Certum CA | June 11 2027 | 6252dc40f71143a22fde9ef7348e064251b18118 |
| Class 2 Primary CA | July 7 2019 | 74207441729cdd92ec7931d823108dc28192e2bb |
| COMODO Certification Authority | January 1 2030 | 6631bf9ef74f9eb6c9d5a60cba6abed1f7bdef7b |
| Cybertrust Global Root | December 15 2021 | 5f43e5b1bff8788cac1cc7ca4a9ac6222bcc34c6 |
| DigiCert Assured ID Root CA | November 10 2031 | 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43 |
| DigiCert Global Root CA | November 10 2031 | a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436 |
| DigiCert High Assurance EV Root CA | November 10 2031 | 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25 |
| DST Root CA X3 | September 30 2021 | dac9024f54d8f6df94935fb1732638ca6ad77c13 |
| Entrust Root Certification Authority | November 28 2026 | b31eb1b740e36c8402dadc37d44df5d4674952f9 |
| Entrust.net Certification Authority (2048) | July 24 2029 | 503006091d97d4f5ae39f7cbe7927d7d652d3431 |
| GeoTrust Global CA | May 21 2022 | de28f4a4ffe5b92fa3c503d1a349a7f9962a8212 |
| GeoTrust Primary Certification Authority | July 17 2036 | 323c118e1bf7b8b65254e2e2100dd6029037f096 |
| GeoTrust Primary Certification Authority - G3 | December 2 2037 | 039eedb80be7a03c6953893b20d2d9323a4c2afd |
| Global Chambersign Root | October 1 2037 | 339b6b1450249b557a01877284d9e02fc3d2d8e9 |
| GlobalSign | December 15 2021 | 75e0abb6138512271c04f85fddde38e4b7242efe |
| GlobalSign | March 18 2029 | d69b561148f01c77c54578c10926df5b856976ad |
| GlobalSign Root CA | January 28 2028 | b1bc968bd4f49d622aa89a81f2150152a41d829c |
| Go Daddy Root Certificate Authority - G2 | January 1 2038 | 47beabc922eae80e78783462a79f45c254fde68b |
| Network Solutions Certificate Authority | January 1 2030 | 74f8a3c3efe7b390064b83903c21646020e5dfce |
| QuoVadis Root CA 2 | November 25 2031 | ca3afbcf1240364b44b216208880483919937cf7 |
| QuoVadis Root CA 2 | June 30 2034 | 2796bae63f1801e277261ba0d77770028f20eee4 |
| QuoVadis Root CA 3 | November 25 2031 | 1f4914f7d874951dddae02c0befd3a2d82755185 |
| QuoVadis Root Certification Authority | March 18 2021 | de3f40bd5093d39b6c60f6dabc076201008976c9 |
| SecureTrust CA | January 1 2030 | 8782c6c304353bcfd29692d2593e7d44d934ff11 |
| StartCom Certification Authority | September 18 2036 | 3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f |
| SwissSign Gold CA - G2 | October 25 2036 | d8c5388ab7301b1b6ed47ae645253a6f9f1a2761 |
| SwissSign Silver CA - G2 | October 25 2036 | 9baae59f56ee21cb435abe2593dfa7f040d11dcb |
| SwissSign Silver CA - G2 | June 6 2037 | feb8c432dcf9769aceae3dd8908ffd288665647d |
| TC TrustCenter Class 2 CA II | January 1 2026 | ae5083ed7cf45cbc8f61c621fe685d794221156e |
| thawte Primary Root CA | July 17 2036 | 91c6d6ee3e8ac86384e548c299295c756c817b81 |
| thawte Primary Root CA - G3 | December 2 2037 | f18b538d1be903b6a6f056435b171589caf36bf2 |
| UTN - DATACorp SGC | June 25 2019 | 58119f0e128287ea50fdd987456f4f78dcfad6d4 |
| UTN-USERFirst-Hardware | July 10 2019 | 0483ed3399ac3608058722edbc5e4600e3bef9d7 |
| VeriSign Class 3 Public Primary Certification Authority - G3 | July 17 2036 | 132d0d45534b6997cdb2d5c339e25576609b5cc6 |
| VeriSign Class 3 Public Primary Certification Authority - G5 | July 17 2036 | 4eb6d578499b1ccf5f581ead56be3d9b6744a5e5 |
| VeriSign Class 4 Public Primary Certification Authority - G3 | July 17 2036 | c8ec8c879269cb4bab39e98d7e5767f31495739d |
| VeriSign Universal Root Certification Authority | December 2 2037 | 3679ca35668772304d30a5fb873b0fa77bb70d54 |
Note:
- Self-signed certificates created by the user are not supported.
- An unlimited license is not required.
- If you already have the certificate for a domain name that will be used on an application (example: www.company.com), it can be used as the certificate for the origin server. If you do not have a certificate, prepare one for only the origin server (example: origin.company.com).
When Using a Unique Domain
When using a unique domain, it is necessary to register the server certificate on the edge server. It is necessary to apply using an application form. Obtain the "Content Delivery Service Unique Domain Secure Delivery Form" application form from customer service.
-
We apply for the certificate on your behalf, and arrange and manage it on the edge server.
- It is not possible to use a certificate that you already have.
- It is not possible to download the private key for your certificate.
- The certificate is a Subject Alternative Name (SAN) certificate.
- It is not possible to use wildcard certificates.
- The TLS Version and Cipher Set are automatically updated.
- Use is not possible in China and Russia.
- It is not possible to change a domain name that has been applied for to another domain name.
-
The updating of certificates is performed automatically.
- The Certificate Authority regularly authenticates domain names.
- When updating is successful, the limit of the certificate is automatically extended.
- When update fails due to a reason such as communication not being possible, there is a possibility that the certificate for the relevant domain has expired.
- It is also necessary to apply using an application form when deleting a certificate. Charges will be incurred for the certificate until the application is processed.
- The types of certificates are DV (Domain Validated) and SNI (Server Name Indication).
- A single certificate is shared with other customers. The name of the customer's domain is stored in the DNS Name field of the certificate.
- Signing is performed by Let's Encrypt.
- It is usually possible to start use within five working days.
-
As domain validation is performed during authentication, build an accessible origin server in the domain name that will be applied for. At that time, open TCP port 80, and configure redirection as below. As updating will be performed on the edge server side, port 80 can be closed if so desired.
Table 2. Redirect Settings Item Value Access destination Under "http://Application_domain/.well-known/acme-challenge/" Redirect destination http://dcv.akamai.com/.well-known/acme-challenge/