The article describes the current SSL options available to StackPath Secure CDN customers.
Shared SSL is free, enabled by default, and is a good option to provide protection for assets being delivered through the StackPath Secure CDN. When using Shared SSL, the URL's of assets being delivered through the StackPath SecureCDN will look like site.company.stackpathdns.com and is available via http and https. Please note that the certificate for this domain only covers the *.stackpathdns.com hostname and does not cover a CNAME to this domain.
Only assets served by the StackPath Secure CDN are protected with a Shared SSL certificate.
Some customers prefer to hide the CDN url of assets on their website and use a namespace that is tied to their domain. For these customers the SNI SSL option is a better option.
SNI SSL allows you to install your own custom SSL certificate using a shared IP address. SNI is widely supported in modern browsers, but can potentially cause compatibility issues with old browsers versions and some mobile devices (IE6 on Windows XP or older).
This option will allow you to install your own SSL Certificate, Private Key, and CA/Chain-Bundle (if you have one). You need to click on each option to open the text box in which you will paste the data; whether it is the SSL Certificate, the Private Key, and the CA/Chain-Bundle. It will take about a minute or less, then the SSL certificate will be installed.
SNI is widely supported in modern browsers, but older versions and some mobile devices might encounter compatibility issues. Shared IP addresses are used with SNI SSL.
The image below provided a quick description of how SNI SSL works: