Points of presence (POPs) compare the certificate Common Name that is returned by the origin server with the server name indication (SNI) value that is included in an HTTPS request. If the SNI value does not match the Common Name, the origin fetch request fails. After you add the certificate Common Name to the whitelist, origin fetch requests can complete even if the SNI value does not match the Common Name.
Examples
If the SNI value does not match the Common Name, the POP fails to establish a connection to the origin server, as shown in the following figure.
If you add domain2 to the Common Name whitelist, the connection can be established successfully.
Procedure
-
Log on to the CDN console.
-
In the left navigation pane, click Domain Names.
-
On the Domain Names page, find the target domain name and click Manage in the Actions column.
-
In the domain's navigation pane, click Origin Fetch.
In the Common Name Whitelist section, turn on Common Name Whitelist.
-
In the dialog box, enter one or more domain names in the whitelist field. Separate multiple domain names with a comma.
Click OK.