StackPath sites offer several settings that can be configured quickly to customize your site. Origin SSL Validation makes the CDN validate the SSL certificate presented by the origin server.
This setting can be found under the Site Settings tab in the StackPath control portal.
SSL certificates increase the security of a site in two big ways:
- They allow end-to-end encryption of data. This is good because it keeps information from being intercepted by anyone between the client and the server.
- They verify the server's identity. Without this kind of verification, man-in-the-middle attacks become possible.
The Pull Protocol setting above allows you to control whether the connection between the CDN and your origin is encrypted (HTTPS) or not (HTTP). By default, however, the CDN does not check whether the SSL certificate on the origin is valid and certified by a Certificate Authority.
By enabling SSL validation of your origin here, you can greatly reduce the possibility of any man-in-the-middle interceptions between the CDN and your origin. With this active, the CDN will ensure the validity of your origin certificate before completing any connection. This includes confirming the identity of your server with your signing CA.
If you do activate this option, it is important to keep the certificate up to date.
The portal warns against self-signed certificates and expired SSL certificates for a reason. When the CDN checks your certificate, if the certificate is out of date or does not have a recognized CA, the CDN will not connect to your origin or pull any data from it. This will break your site.
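A pre-flight check you can run against your origin before enabling the option and then on a schedule afterwards, as an added example that is not StackPath code. It assumes Python's default trust store and hostname check are a reasonable stand-in for the CDN's validator; the function names and the 21-day renewal margin are hypothetical choices.

```python
import socket
import ssl
import time

WARN_DAYS = 21  # assumed renewal margin, not a StackPath value


def classify_expiry(not_after, now=None, warn_days=WARN_DAYS):
    """Classify a certificate's notAfter string (format used by getpeercert())."""
    now = time.time() if now is None else now
    days_left = (ssl.cert_time_to_seconds(not_after) - now) / 86400
    if days_left < 0:
        return "expired", days_left
    if days_left < warn_days:
        return "renew-soon", days_left
    return "ok", days_left


def check_origin(host, port=443, timeout=5.0):
    """Connect as a validating client would and report what it found."""
    # Default context verifies the chain against public CAs, the validity
    # dates, and that the certificate matches the hostname.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, unrecognized CA, expired, or hostname mismatch:
        # the cases in which a validating CDN would refuse to pull.
        return {"host": host, "status": "invalid", "reason": exc.verify_message}
    except OSError as exc:
        return {"host": host, "status": "unreachable", "reason": str(exc)}
    status, days_left = classify_expiry(cert["notAfter"])
    return {"host": host, "status": status,
            "days_left": round(days_left, 1), "not_after": cert["notAfter"]}


if __name__ == "__main__":
    import sys
    # Usage: python check_origin.py origin.example.com [more hosts...]
    for origin in sys.argv[1:]:
        print(check_origin(origin))
```

A result of `invalid` or `expired` means validation should stay off until the certificate is fixed; `renew-soon` is the signal to renew before the CDN starts refusing the origin.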
If you have any questions or experience any difficulties with your configuration, please feel free to contact StackPath Support via ticket.