httphttp-redirecthttpsdnscname

Why isn’t it possible to use a CNAME alias to Google Storage with HTTPS?


The Google Storage documentation page states that You can use a CNAME redirect only with HTTP, not with HTTPS. But I cannot see any reason for that. Can anyone explain me why?


Solution

  • Assume you have a CNAME record:

    travel-maps.example.com CNAME c.commondatastorage.googleapis.com.
    

    Browser resolves name travel-maps.example.com and gets IP for c.commondatastorage.googleapis.com, then connects to port 443 of this address.

    Server with this IP couldn't possibly[1] have proper certificate for travel-maps.example.com (and all other domain names with CNAME records like this). Only example.com domain owner could get a trusted cert for his own domain.

    [1] Unless you uploaded the certificate to the CDN network which is a common feature nowadays.