CDN SSL Certificates API

OnApp customers can import their own SSL certificates with the Subject Name Indication (SNI) extension.  One SSL certificate can be associated with several CDN resources, but a resource can only be linked to one SSL certificate.

However, some of the older browsers do not support SNI. In this case, users who prefer browsers that do not support SNI can purchase an SSL certificate and the SAN solution will be applied. On questions about the SSL certificate purchase, please contact OnApp support.

For the list of browsers that do not support SNI, kindly refer to the Server Name Indication article.

OnApp currently supports the following types of certificates:

  • domain-validated (DV) certificate (example.com)
    • single certificate
    • wildcard certificate (*.example.com)
    • SAN certificate (any domains)
  • organization validation (OV) certificates
    • single certificate
    • wildcard certificate (*.example.com)
    • SAN certificate (any domains)
  • extended validation (EV) certificates
    • single certificate
    • wildcard certificate (*.example.com)
    • SAN certificate (any domains)
  • high-assurance certificates 
  • This feature is available for HTTP Pull and HTTP Push resources only.
  • To add custom SNI SSL certificates, the user needs to have CDN resources in the cloud and CDN SSL Certificates permissions.
  • Custom SNI SSL certificates can be used for secondary hostnames.
  • A custom SNI SSL certificate can only be associated with a CDN resource if the certificate and the resource have the same owner. When you link a resource to a certificate you should only specify the IDs of those certificates that were added by the user with whom the new resource will be associated. If you indicate some other certificate's ID an error will occur.
  • When a custom SNI SSL certificate is associated with a CDN resource, the certificate applies only to the edge servers subscribed to that resource.