News

Users of Azure Site Caching Service Get HTTPS Custom Domain Support

Verizon, an Azure Content Delivery Network (CDN) service partner with Microsoft, now provides HTTPS support for custom domains, Microsoft announced this week.

HTTPS, or Hyper Text Transfer Protocol Secure, is a protocol used to connect browsers with Web sites. The "S" version of it encrypts the contents of packets while in transit, unlike its HTTP cousin. The Azure Content Delivery Network, on the other hand, is a caching service for static Web content. It's designed to deliver "high-bandwidth" Web content, such as video, audio and photo files, from points-of-presence locations around the world to better meet performance demands. The CDN caching service for Azure is priced based on outbound data transfer use. Typically, organizations with high Web traffic demands might be expected to use the service.

Custom Domains HTTPS Support

Verizon's Azure CDN has had HTTPS support previously for years, but it was only available when using domains based on Verizon's CDN endpoints. Now, organizations can use their own custom domain addresses and get HTTPS security protection. Verizon now supports HTTPS for custom domain addresses with both its Standard and Premium CDN offerings.

Verizon's custom domain support for HTTPS doesn't entail additional costs. There's no extra cost to maintain and renew certificates. The certificate provider is DigiCert, and certificate management gets automatically handled, according to Microsoft's Azure documentation. Users also have a "one click provisioning" capability from within the Azure management portal that will add the HTTPS support for custom domains.

Akamai is another Microsoft Azure CDN partner that offers content caching support for organizations, but it doesn't yet support HTTPS for custom domains. It's a prospect, though, that may arrive "in the coming months," Microsoft's announcement suggested.

HTTPS Gaining Steam?

The use of HTTPS is typically described as providing better security for end users, protecting against "man-in-the-middle" information interception attacks during Web sessions, as well as possible content forgery attempts. It was originally aimed at protecting Web financial transactions, but HTTPS fell into more general-purpose use about seven years ago, according to Wikipedia's account. The protocol has gotten a major push by search service providers such as Google, which has lit a fire under Web-dependent companies because HTTPS use will bump up their site search rankings compared with the use of HTTP.

Possibly, organizations are trending more toward HTTPS use. Microsoft Most Valuable Professional Troy Hunt described some measurements to that end in a recent blog post. For instance, Mozilla saw about half of the traffic from big sites, such as Facebook, Gmail and Twitter, as having switched to HTTPS from August 2015 to August 2016. The Mozilla survey was a small one, though.

Hunt makes the case that a lot of commercial sites could see embarrassing performance issues, especially with regard to Web transactions, if they haven't switched to using HTTPS. However, making the switch to HTTPS may not be a trivial matter for organizations.

Experts describe the switch to HTTPS as involving a lot of moving parts. It's not a simple matter of just buying certificates from a Certificate Authority to trigger the secure lock icon on browsers, which signifies an HTTPS connection.

The process of moving to HTTPS can take a couple of months for organizations that maintain their own Web servers. It involves setting up a test environment for an organization's sites and coordinating with teams to ensure things are working correctly before pulling the HTTPS switch. It can involve updating load traffic management software to maintain Secure Sockets Layer offloading. It may entail coordinating with developers to change code for sites that deliver ads. Web site addresses need to be changed in bulk, typically via scripting, and search service providers need to be alerted to the change so that the sites can be found.

The move to HTTPS also isn't necessarily trivial for organizations that work with a site hosting company, rather than running their own Web servers. They will need to communicate the right certificate details to the hosting service provider to get HTTPS working properly, experts say.