Allowed certificate authorities for enabling custom HTTPS

Specific certificate requirements are required when you enable the HTTPS feature by using your own certificate for an Azure CDN (Content Delivery Network) custom domain.

  • The Azure CDN Standard from Microsoft profile requires a certificate from one of the approved certificate authorities (CA) in the following list. If a certificate from an unapproved CA or if a self-signed certificate is used, the request is rejected.

  • Azure CDN Standard from Verizon and Azure CDN Premium from Verizon profiles accept any valid certificate from any valid CA. Verizon profiles don't support self-signed certificates.

Note

The option of using your own certificate to enable the custom domain HTTPS feature is not available for Azure CDN Standard from Akamai profiles.

The following CAs are allowed when you create your own certificate:

  • AddTrust External CA Root
  • AlphaSSL Root CA
  • AME Infra CA 01
  • AME Infra CA 02
  • Ameroot
  • APCA-DM3P
  • Atos TrustedRoot 2011
  • Autopilot Root CA
  • Baltimore CyberTrust Root
  • Class 3 Public Primary Certification Authority
  • COMODO RSA Certification Authority
  • COMODO RSA Domain Validation Secure Server CA
  • D-TRUST Root Class 3 CA 2 2009
  • DigiCert Cloud Services CA-1
  • DigiCert Global Root CA
  • DigiCert Global Root G2
  • DigiCert High Assurance CA-3
  • DigiCert High Assurance EV Root CA
  • DigiCert SHA2 Extended Validation Server CA
  • DigiCert SHA2 High Assurance Server CA
  • DigiCert SHA2 Secure Server CA
  • DST Root CA X3
  • D-trust Root Class 3 CA 2 2009
  • Encryption Everywhere DV TLS CA
  • Entrust Root Certification Authority
  • Entrust Root Certification Authority - G2
  • Entrust.net Certification Authority (2048)
  • GeoTrust Global CA
  • GeoTrust Primary Certification Authority
  • GeoTrust Primary Certification Authority - G2
  • Geotrust RSA CA 2018
  • GlobalSign
  • GlobalSign Extended Validation CA - SHA256 - G2
  • GlobalSign Organization Validation CA - G2
  • GlobalSign Root CA
  • Go Daddy Root Certificate Authority - G2
  • Go Daddy Secure Certificate Authority - G2
  • Hongkong Post Root CA 1
  • Let's Encrypt Authority X3
  • Microsec e-Szigno Root CA 2009
  • QuoVadis Root CA2 G3
  • RapidSSL RSA CA 2018
  • Security Communication RootCA1
  • Security Communication RootCA2
  • Security Communication RootCA3
  • SSL.com Root Certification Authority ECC
  • SSL.com Root Certification Authority RSA
  • SSL.com EV Root Certification Authority ECC
  • SSL.com EV Root Certification Authority RSA R2
  • Staat der Nederlanden EV Root CA
  • Symantec Class 3 EV SSL CA - G3
  • Symantec Class 3 Secure Server CA - G4
  • Symantec Enterprise Mobile Root for Microsoft
  • Thawte Primary Root CA
  • Thawte Primary Root CA - G2
  • Thawte Primary Root CA - G3
  • Thawte RSA CA 2018
  • Thawte Timestamping CA
  • TrustAsia TLS RSA CA
  • VeriSign Class 3 Extended Validation SSL CA
  • VeriSign Class 3 Extended Validation SSL SGC CA
  • VeriSign Class 3 Public Primary Certification Authority - G5
  • VeriSign International Server CA - Class 3
  • VeriSign Time Stamping Service Root
  • VeriSign Universal Root Certification Authority