The heartbleed bug has impacted the entire CDN industry, including the heavy weights: Akamai, EdgeCast, Limelight, Fastly, CloudFlare and Incapsula. More than anything else, reissuing SSL certificates to all SSL customers is more of a headache than anything else. The cost to deploy all SSL certificates for all CDNs is likely to be in the low millions. For the large CDN, this isn’t much money. The process time for an SSL order for a Tier 1 CDN takes anywhere from 1 to 3 weeks, and requires a lot of emails, going back and forth, between the CDN, customer and Certificate Authority.
When a CDN gets a few dozen SSL orders in a week, its takes the CDN a while to deploy all certs, as there are many manual steps in the process. Now imagine, all SSL customers need to have their certs reissued, and deployed in one day. That’s a big job. At least, CDN customers are unlikely to complain about the lack of security with a particular CDN, since every major tech company has been impacted, including Microsoft, Google, Yahoo, Tumblr, Cisco, Juniper and so on.
The CDNs with more customers have more work to do. CDNs are going to have to pull engineers and operation folks from their regular job to become SSL fixer-uppers, at least for a while. CloudFlare has 1.5M customers, now that’s a very big task at hand. On the flipside, Limelight has around 1,000 customers, so it won’t be impacted as much as CloudFlare. CloudFlare probably needs to reissue more certs than all other CDNs combined, due to the sheer number of customers they have. How many SSL customers do CDNs have?
I’m going to take an educated guess, and provide some estimates in the summary below on how many customers have SSL certs, not the total number of certs in deployment. Guessing the number of certs in deployment is impossible, since some individual customers have hundreds of SSL certs in production, such as an ecommerce platform customer that uses a CDN.
Guesstimate of Number of Clients with SSL Certs per CDN
- Akamai: 5,000 customers x 9% = 450 SSL customers
- Limelight: 1,000 customers x 4% = 40 SSL customers
- Edgecast: 5,000 customers x 5 % = 250 SSL customers
- CloudFlare: 1.5M customers x .5% = 7,500 SSL customers
*Guesstimate above only applies to the total number of customers using SSL certs, not total number of certs in production, since some individual customers might have hundreds of certificates. Heartbleed Impacts CloudFlare, EdgeCast, Akamai and Limelight