Switching from a custom SSL/TLS certificate with dedicated IP addresses to SNI - Amazon CloudFront
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Switching from a custom SSL/TLS certificate with dedicated IP addresses to SNI

If you configured CloudFront to use a custom SSL/TLS certificate with dedicated IP addresses, you can switch to using a custom SSL/TLS certificate with SNI instead and eliminate the charge that is associated with dedicated IP addresses. The following procedure shows you how.

Important

This update to your CloudFront configuration has no effect on viewers that support SNI. Viewers can access your content before and after the change, as well as while the change is propagating to CloudFront edge locations. Viewers that don't support SNI cannot access your content after the change. For more information, see Choosing how CloudFront serves HTTPS requests.

To switch from a custom SSL/TLS certificate with dedicated IP addresses to SNI
  1. Sign in to the Amazon Web Services Management Console and open the CloudFront console at https://console.amazonaws.cn/cloudfront/v4/home.

  2. Choose the ID of the distribution that you want to view or update.

  3. Choose Distribution Settings.

  4. On the General tab, choose Edit.

  5. Change the setting of Custom SSL Client Support to Only Clients that Support Server Name Indication (SNI).

  6. Choose Yes, Edit.