https://www.eknix.com/tags/tls/Recent content in TLS on Eknix — Web security & performance for the enterpriseHugoen-us© {year} EKNIX LTD. All rights reserved.Tue, 15 Jul 2025 00:00:00 +0000https://www.eknix.com/blog/cdn-to-origin-certificates/Tue, 15 Jul 2025 00:00:00 +0000https://www.eknix.com/blog/cdn-to-origin-certificates/<p>There&rsquo;s a common assumption that because a CDN handles the TLS connection your users see — the certificate shown in the browser&rsquo;s address bar — you don&rsquo;t need to think too hard about certificates on your origin. That&rsquo;s wrong, and the consequences show up as cryptic error codes rather than obvious failures.</p> <p>A CDN like Akamai doesn&rsquo;t act as a transparent tunnel. It terminates the TLS session from the client, inspects and processes the request, then opens a <em>new</em> TLS session toward your origin. Two separate connections, two separate certificate validations.</p>