This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 28.999999999999996%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EID%3C/text%3E%3C/svg%3E)
I've recently set up the following on Azure:
Storage as a static web site (which uses a z33.....windows.net address to access it).
Azure CDN (which uses a <mysite>.azureedge.net address to access it)
Added a custom sub domain to the CDN (mysite.mydomain.org), with the CNAME mapped to the azureedge.net domain, and HTTPS is enabled with the CDN managed certificate option.
I'm having a problem when accessing the site over HTTPS using my custom sub domain, the certificate is often returned as the certificate for the *....windows.net domains instead of mysite.mydomain.org, and the browser obviously flags this as insecure because they don't match.
But if I leave it a few minutes and refresh the page, the correct certificate often then gets used and I can access the site without problems.
Accessing via the azure CDN or storage addresses always seems to return the right certificate - it's only the custom domain that has a problem.
Is there something I've missed setting this up?
If you need more details or there is any specific troubleshooting I can carry out, please let me know.
Just as a follow up - it seems to be behaving correctly consistently now (18-24 hours later) - I'm assuming the CDN takes time to propogate the right certificate to all endpoints, or something similar?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@Ian Darling Yes.
If your CNAME record is in the correct format, DigiCert automatically verifies your custom domain name and creates a dedicated certificate for your domain name. Digi Cert won't send you a verification email and you won't need to approve your request. The certificate is valid for one year and will be auto-renewed before it expires. Proceed to Wait for propagation.
Automatic validation typically takes a few hours. If you don’t see your domain validated in 24 hours, open a support ticket. Please let us know if you have further questions/concerns. Thank you!