Amazon CloudFront gives you three options for accelerating your entire website while delivering your content securely over HTTPS from all of CloudFront's edge locations. In addition to delivering securely from the edge, you can also configure the CDN to use HTTPS connections for origin fetches so that your data is encrypted end-to-end from your origin to your end users.
By default, you can deliver your content to viewers over HTTPS by using your CloudFront distribution domain name in your URLs, for example, https://dxxxxx.cloudfront.net/image.jpg. If you want to deliver your content over HTTPS using your own domain name and your own SSL certificate, you can use one of our Custom SSL certificate support features.
Custom SSL options for Amazon CloudFront
SNI Custom SSL
Server Name Indication (SNI) Custom SSL relies on the SNI extension of the Transport Layer Security protocol, which allows multiple domains to serve SSL traffic over the same IP address. Amazon CloudFront delivers your content from each edge location and offers the same security as the Dedicated IP Custom SSL feature (see below).
When you use SNI Custom SSL, some users may not be able to access your content because some older browsers do not support SNI and will not be able to establish a connection with CloudFront to load the HTTPS version of your content. For more information on SNI, including a list of supported browsers, please visit our FAQ page.
There is no separate pricing for this feature. You can use SNI Custom SSL with no upfront or monthly fees for certificate management; you simply pay normal Amazon CloudFront rates for data transfer and HTTPS requests.
Set up is easy: simply follow the instructions outlined in the CloudFront Developer Guide and start serving your content quickly and securely.
Dedicated IP Custom SSL
If you need to deliver content to browsers that don’t support SNI, you can use the Dedicated IP Custom SSL feature. For this feature the Amazon content delivery network allocates dedicated IP addresses to serve your SSL content at each Edge location.
To use Dedicated IP Custom SSL certificate support, upload a SSL certificate and use the AWS Management Console to associate it with your CloudFront distributions. If you need to associate more than two custom SSL certificate with your AWS Account, please include details about your use case and the number of custom SSL certificates you intend to use in the CloudFront Limit Increase Form.
Pricing for Dedicated IP Custom SSL is simple. Because of the added cost associated with dedicating IP addresses per SSL certificate, we charge a fixed monthly fee of $600 for each custom SSL certificate you associate with your content delivery network distributions, pro-rated by the hour. For example, if you had your custom SSL certificate associated with at least one CloudFront distribution for just 24 hours (i.e. 1 day) in the month of June, your total charge for using the custom SSL certificate feature in June will be (1 day / 30 days) * $600 = $20. Detailed pricing information for the Custom SSL Certificate feature is available on the CloudFront Pricing Page.
You can learn more about Custom SSL features by reading the CloudFront Developer Guide.