How does Liaoning CDN have both private key protection and Https acceleration? What is a certificate/private key? In the digital network world, a certificate is a valid identifier of a person or an entity. Like an ID card in daily life, it can uniquely identify an entity, such as a website. The "private key" corresponding to the certificate is the key to prove that the entity is the certificate holder. In the widely deployed SSL/tLs protocol, websites prove their authenticity to users on the other side of the network by transmitting their own certificates and corresponding "private key" signature information. Therefore, the private key plays an extremely important role in network authentication. In other words, stealing or abusing the private key in any form will lead to the cloning of the website, and then malicious attackers can "phish" users. The protection of private keys is very important in the Internet. The private key is the core asset of companies providing Internet services.

Especially with the continuous expansion of the Internet, the previous point of service model can no longer meet the needs of a large number of Internet users. Large-scale deployment of traditional cdn or new cloud based cdn to provide high-quality internet content services. Cdn is a basic network service, usually provided by third-party service providers or telecom operators, which means that the security control of content on cdn is far beyond the control of website operators. Especially for websites that need to provide Https services, if they want to use cdn to cache and distribute their content, they must deploy corresponding private keys on the service nodes of cdn to meet the authentication requirements of end users when accessing Https. As mentioned earlier, website operators always pay attention to the security of the private key deployed on the external cdn node.

Cdn service providers have proposed different security policies. Cdn service providers provide different private key management solutions according to user needs. The first is full private key escrow, that is, the website operator sends the private key used by the website to the cdn service provider through a secure channel, and the cdn service provider deploys the corresponding Https node on its behalf. Of course, this approach cannot eliminate previous security concerns. Therefore, the cdn service provider will also provide another strategy, that is, sharing certificates, which is actually equivalent to the cdn service provider re applying for a new set of certificates. Entities that can pass certificate verification include websites supported by cdn service providers, and the private key is held by cdn service providers. To some extent, this method alleviates website operators' concerns about the security of their own private keys, because they use the private key of the shared certificate of the cdn service provider instead of the private key of their own website. On the other hand, how to ensure the security of the shared certificate private key is also a problem faced by the cdn service provider. At the same time, this way of sharing certificates also increases the management burden of website operation and additional certificate maintenance costs.

How does Liaoning CDN have both private key protection and Https acceleration? The server is a multi IP station group, usually leading in the United States. Multiple IPs are very important for the website of a website group. The United States happens to have rich IP resources, with many independent IPs. Of course, our company also has American hosts for rent, which are specially used for station groups. Professional matching can make you more comfortable. What is a multi IP server? Usually, a server with multiple IP servers can be understood as a server with multiple IP numbers at the same time. Multiple websites can be placed under multiple IPs.