I do not understand your question. Let me start with a picture.

Client <-> TLS terminating <-> Desired Origin

Concretely for an example:

Browser <-> a CDN <-> origin for www.example.com

The key phrase is that the middle entity is a TLS terminating one. (As opposed to a conventional firewall or similar that just forwards packets, which is why I say “middle entity” rather than “middle box”.)

In order to connect to the CDN, it must have a certificate for www.example.com and DNS must have sent the browser to the CDN. If not, the browser will fail the connection. In order to avoid confusion with their own IT structure, it is common for the “Example, Com” entity to actually have a different name for their origin website, call it origin.example.com.

So, can you rephrase your question perhaps?

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls