Why isn’t it possible to use a CNAME redirect with HTTPS?


This Google Storage documentation page states that "You can use a CNAME redirect only with HTTP, not with HTTPS." But I cannot see any reason for that. Can anyone explain to me why?

Best Solution

Assume you have a CNAME record:

travel-maps.example.com CNAME c.commondatastorage.googleapis.com.

The browser resolves the name travel-maps.example.com and gets the IP for c.commondatastorage.googleapis.com, then connects to port 443 of this address.

The server with this IP couldn't possibly[1] have a proper certificate for travel-maps.example.com (and all other domain names with CNAME records like this). Only the example.com domain owner could get a trusted cert for his own domain.

[1] Unless you uploaded the certificate to the CDN network, which is a common feature nowadays.
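
The check described in the answer above, as an added example that is not part of the original post: DNS (including the CNAME) only decides where the client connects, while the certificate is matched against the host name from the URL. The function names and the certificate name lists are constructed for illustration and are not Google's real certificate contents.

```python
def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # require at least two fixed labels after the wildcard
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def resolve_cname(name: str, zone: dict) -> str:
    """Follow CNAME records in a constructed zone; stops on loops."""
    seen = set()
    name = name.lower().rstrip(".")
    while name in zone and name not in seen:
        seen.add(name)
        name = zone[name].lower().rstrip(".")
    return name


def tls_name_check(url_host: str, zone: dict, certs: dict) -> dict:
    """Model the client: connect to the CNAME target, verify the URL host."""
    target = resolve_cname(url_host, zone)
    presented_names = certs.get(target, [])
    return {
        "connects_to": target,       # chosen by DNS
        "verified_name": url_host,   # chosen by the URL, never by DNS
        "valid": any(dns_name_matches(n, url_host) for n in presented_names),
    }


# Constructed sample data: the CNAME record from the answer.
ZONE = {"travel-maps.example.com": "c.commondatastorage.googleapis.com."}
# Constructed: names on the certificate the storage endpoint presents.
CERTS = {"c.commondatastorage.googleapis.com":
         ["*.commondatastorage.googleapis.com"]}
# Constructed: footnote [1], the domain owner uploaded their own certificate.
CERTS_UPLOADED = {"c.commondatastorage.googleapis.com":
                  ["*.commondatastorage.googleapis.com",
                   "travel-maps.example.com"]}

if __name__ == "__main__":
    print(tls_name_check("travel-maps.example.com", ZONE, CERTS))
    print(tls_name_check("travel-maps.example.com", ZONE, CERTS_UPLOADED))
```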