Page tree
Skip to end of metadata
Go to start of metadata

OnApp customers can import their own SSL certificates by applying the Subject Name Indication (SNI) extension.  

SNI lets the client specify the hostname it is trying to reach at the start of the handshaking process. SNI is supported by most modern browsers, and provides an efficient way to deliver content over HTTPS using your own domain and SSL certificate. Custom SNI SSL relies on the SNI extension of the Transport Layer Security protocol, which allows multiple domains to serve SSL traffic over the same IP address by including the hostname viewers are trying to connect to.

Previously, OnApp applied SAN SSL certificate from a certificate authority to which additional certified domains can be added. This allowed you to host several domains on one IP by sharing the same certificate, and add all domains to this IP. However, the number of domains per SAN certificate is limited. Moreover, the certificate's size increases as more domains are added. This causes additional bandwidth to be used for the SSL handshake.

Currently, OnApp applies the CloudSSL+SNI solution. Users can import custom SNI SSL certificates into the system or request SSL to be enabled for their CDN resource. One SSL certificate can be associated with several CDN resources, but a resource can only be linked to one SSL certificate. However, some of the older browsers do not support SNI. In this case, users who prefer browsers that do not support SNI can purchase an SSL certificate and the SAN solution will be applied. On questions about the SSL certificate purchase, please contact OnApp support.

For the list of browsers that do not support SNI, kindly refer to the Server Name Indication article.

OnApp currently supports the following types of certificates:

  • domain-validated (DV) certificate (
    • single certificate
    • wildcard certificate (*
    • SAN certificate (any domains)
  • organization validation (OV) certificates
    • single certificate
    • wildcard certificate (*
    • SAN certificate (any domains)
  • extended validation (EV) certificates
    • single certificate
    • wildcard certificate (*
    • SAN certificate (any domains)
  • high-assurance certificates 
  • This feature is available for HTTP Pull and HTTP Push resources only.
  • To add custom SNI SSL certificates, the user needs to have CDN resources in the cloud and CDN SSL Certificates permissions.
  • Custom SNI SSL certificates can be used for secondary hostnames.
  • A custom SNI SSL certificate can only be associated with a CDN resource if the certificate and the resource have the same owner. The drop-down list of SSL certificates in the CDN resource creation wizard shows only the certificates of the user who will be the resource owner.
  • When a custom SNI SSL certificate is associated with a CDN resource, the certificate applies only to the edge servers subscribed to that resource.
#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))
  • No labels