Overview
Our CDN supports the secure delivery of assets via HTTPS (HTTP over SSL). SSL connections are secured via the use of a certificate that forms a chain of trust between the customer's site, the CDN, and a certificate authority such as VeriSign, GoDaddy, etc. Customers can use either the Highwinds wildcard certificate or provide a custom certificate. Other certificate options may be available upon request.
Because certificate data must be kept secure at all times in order to ensure that the chain of trust cannot be broken, we ask that you do not send the unencrypted certificate and key data via public channels such as email.
The following procedures have been developed to ensure that this data remains secure at all times. Step-by-step instructions are provided below, and security is ensured via the use of the PGP encryption scheme.
Using PGP-compatible software, you can use the Highwinds public key to encrypt your SSL certificate and key files. The encrypted files can then be sent via unsecured channels.
PGP Explained
Wikipedia describes PGP as the following:
Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications.
Source: http://en.wikipedia.org/wiki/Pretty_Good_Privacy
How to Submit Your Certificate
There are many open-source and commercial software packages available for performing PGP encryption. Users should select and download a PGP software package. A number of open-source implementations are listed here:
http://www.gnupg.org/download/index.en.html
Download the Highwinds Support public key from:
http://cds.u7s8b4i6.hwcdn.net/highwindssupport/pgp/highwinds-support-public-pgp-key.asc
Import the Highwinds Support public key:
$ gpg --import highwinds-support-public-pgp-key.asc
Archive your cert and key:
$ tar czvf test.tar.gz /path/to/cert+key/
Encrypt the archive:
$ gpg -e -u "Local User" -r "Highwinds Support" test.tar.gz
GnuPG will display the following prompt (you must enter y and press the enter key):
gpg: xxxxxxx: There is no assurance this key belongs to the named user
pub 4096R/3E3E95EE 2015-02-12 Highwinds Support
(Key pair used to encrypt SSL certificates for transmission from the customer to Highwinds.) <support@highwinds.com>
Primary key fingerprint: E7D3 A00D 7FFB A054 A99D 0DB8 27ED A6A5 2C3D EAB0
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
This will produce a file named:
test.tar.gz.gpg
Email the encrypted certificate and key files to support@highwinds.com.
Although the email itself is sent over an insecure channel, the certificate and key files are encrypted, so they are protected from unauthorized third parties that may have access to the email as it traverses the Internet.
PLEASE DO NOT send your unencrypted certificate and key files. Please be sure to only send certificate and key files that have been encrypted using the Highwinds public key.
Support receives the email as a ticket with the encrypted certificate and key files as attachments.
Using the Highwinds private key, the certificate and key files are decrypted and used to configure SSL service.
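The import and encrypt steps above can be scripted so that the trust prompt is replaced by an explicit fingerprint comparison, which matters because the public key is fetched over plain HTTP. This is an added example, not Highwinds' own tooling: the function names are hypothetical, it assumes a GnuPG version that supports --show-keys, and it takes the fingerprint printed in the prompt above as the reference value, which should be confirmed with Highwinds through a separate channel.

```shell
#!/bin/sh
# Added example, not Highwinds' own tooling.
# EXPECTED_FPR is the fingerprint shown in the prompt on this page; confirming
# it with Highwinds over a separate channel is assumed to have been done.
EXPECTED_FPR="E7D3 A00D 7FFB A054 A99D 0DB8 27ED A6A5 2C3D EAB0"

# Strip spaces and upper-case, so spaced and compact fingerprints compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \n' | tr 'a-f' 'A-F'
}

# Reads `gpg --with-colons` output on stdin and prints the primary key
# fingerprint: field 10 of the first "fpr" record after a "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# True only for a non-empty fingerprint equal to the reference one.
fpr_equal() {   # usage: fpr_equal ACTUAL EXPECTED
    [ -n "$1" ] && [ "$(normalize_fpr "$1")" = "$(normalize_fpr "$2")" ]
}

# Inspect the downloaded key file without importing it, stop on a mismatch,
# otherwise import it and encrypt to the full fingerprint.
encrypt_for_highwinds() {   # usage: encrypt_for_highwinds KEYFILE ARCHIVE
    actual=$(gpg --show-keys --with-colons "$1" | primary_fpr)
    if ! fpr_equal "$actual" "$EXPECTED_FPR"; then
        echo "fingerprint mismatch (got '${actual}'); not encrypting" >&2
        return 1
    fi
    gpg --import "$1" || return 1
    # The key was verified above, so the interactive trust prompt is skipped.
    gpg --encrypt --trust-model always \
        --recipient "$(normalize_fpr "$EXPECTED_FPR")" \
        --output "$2.gpg" "$2"
}

# Example: sh this-script highwinds-support-public-pgp-key.asc test.tar.gz
if [ "$#" -eq 2 ]; then
    encrypt_for_highwinds "$1" "$2"
fi
```

On a mismatch the function returns non-zero before anything is imported or encrypted, so no archive is produced for a substituted key.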