The Highwinds CDN supports the secure delivery of assets via HTTPS (HTTP over SSL). SSL connections are secured via the use of a certificate that forms a chain of trust between the customer's site, the CDN, and a certificate authority such as VeriSign, GoDaddy, etc. Customers can use either the Highwinds wildcard certificate or provide a custom certificate. Other certificate options may be available upon request.
Because certificate data must be kept secure at all times in order to ensure that the chain of trust cannot be broken, we ask that you do not send the unencrypted certificate and key data via public channels such as email. The following procedures have been developed to ensure that this data remains secure at all times. Step-by-step instructions are provided below, and security is ensured via the use of the PGP encryption scheme.
Using PGP-compatible software, the customer uses the Highwinds public key to encrypt their secure SSL certificate and key files. This key can then be sent via unsecured channels in encrypted form.
What is PGP?
Wikipedia describes PGP as the following:
Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications.
How to Submit Your Certificate to Highwinds
There are many open-source and commercial software packages available for performing PGP encryption. Customers should download and select a PGP software package. A number of open-source implementations are listed here:
Download the Highwinds Support public key from:
Import the Highwinds Support public key.
$ gpg \--import highwinds-support-public-pgp-key.asc
Archive your cert and key.
tar czvf test.tar.gz /path/to/cert+key/
Encrypt the archive.
$ gpg \-e \-u "Local User" \-r "Highwinds Support" test.tar.gz
GnuPG will display the following prompt (you must enter y and press the enter key):
gpg: xxxxxxx: There is no assurance this key belongs to the named user pub 4096R/3E3E95EE 2015-02-12 Highwinds Support
(Key pair used to encrypt SSL certificates for transmission from the customer to Highwinds.) <firstname.lastname@example.org> Primary key fingerprint: E7D3 A00D 7FFB A054 A99D 0DB8 27ED A6A5 2C3D EAB0 It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes. Use this key anyway? (y/N) y
This will produce a file named:
Email the encrypted certificate and key files to Highwinds at [mailto:email@example.com].
Although the email itself is sent in an insecure fashion, as the contents of the certificate and key files are encrypted they are protected from unauthorized third parties that may have access to the email as it traverses the Internet.
PLEASE DO NOT send your unencrypted certificate and key files. Please be sure to only send certificate and key files that have been encrypted using the Highwinds public key.
Highwinds receives the email as a support ticket with the encrypted certificate and key files as attachments.
Using the Highwinds private key, the certificate and key files are decrypted and used to configure SSL service.
A confirmation will be provided back to the customer via the ticket upon completion of the configuration.