Allowed certificate authorities for enabling custom HTTPS on Azure CDN

You must meet specific certificate requirements when you enable the HTTPS feature by using your own certificate for an Azure Content Delivery Network (CDN) custom domain. The Azure CDN Standard from Microsoft profile requires a certificate from one of the approved certificate authorities (CA) in the following list. If a certificate from an unapproved CA or if a self-signed certificate is used, the request is rejected. Azure CDN Standard from Verizon and Azure CDN Premium from Verizon profiles accept any valid certificate from any valid CA.

Note

The option of using your own certificate to enable the custom domain HTTPS feature is not available for Azure CDN Standard from Akamai profiles.

The following CAs are allowed when you create your own certificate:

  • AddTrust External CA Root
  • AlphaSSL Root CA
  • AME Infra CA 01
  • AME Infra CA 02
  • Ameroot
  • APCA-DM3P
  • Autopilot Root CA
  • Baltimore CyberTrust Root
  • Class 3 Public Primary Certification Authority
  • COMODO RSA Certification Authority
  • COMODO RSA Domain Validation Secure Server CA
  • D-TRUST Root Class 3 CA 2 2009
  • DigiCert Cloud Services CA-1
  • DigiCert Global Root CA
  • DigiCert High Assurance CA-3
  • DigiCert High Assurance EV Root CA
  • DigiCert SHA2 Extended Validation Server CA
  • DigiCert SHA2 High Assurance Server CA
  • DigiCert SHA2 Secure Server CA
  • DST Root CA X3
  • D-trust Root Class 3 CA 2 2009
  • Encryption Everywhere DV TLS CA
  • Entrust Root Certification Authority
  • Entrust Root Certification Authority - G2
  • Entrust.net Certification Authority (2048)
  • GeoTrust Global CA
  • GeoTrust Primary Certification Authority
  • GeoTrust Primary Certification Authority - G2
  • Geotrust RSA CA 2018
  • GlobalSign
  • GlobalSign Extended Validation CA - SHA256 - G2
  • GlobalSign Organization Validation CA - G2
  • GlobalSign Root CA
  • Go Daddy Root Certificate Authority - G2
  • Go Daddy Secure Certificate Authority - G2
  • QuoVadis Root CA2 G3
  • RapidSSL RSA CA 2018
  • Symantec Class 3 EV SSL CA - G3
  • Symantec Class 3 Secure Server CA - G4
  • Symantec Enterprise Mobile Root for Microsoft
  • Thawte Primary Root CA
  • Thawte Primary Root CA - G2
  • Thawte Primary Root CA - G3
  • Thawte RSA CA 2018
  • Thawte Timestamping CA
  • TrustAsia TLS RSA CA
  • VeriSign Class 3 Extended Validation SSL CA
  • VeriSign Class 3 Extended Validation SSL SGC CA
  • VeriSign Class 3 Public Primary Certification Authority - G5
  • VeriSign International Server CA - Class 3
  • VeriSign Time Stamping Service Root
  • VeriSign Universal Root Certification Authority