Why isn’t it possible to use a CNAME redirect with HTTPS
Solution 1:
It is possible!
There could be many domains attached to one SSL certificate.
ASSUME travel-maps.example.com CNAME c.commondatastorage.googleapis.com.
When both domains are in the SSL cert list, your CNAME can redirect with HTTPS.
This is how CDN service provider such as Incapsula with works with HTTPS. They just create a "Multi-domain" SSL cert for you.
You may check a demo cert-info in this site. https://www.incapsula.com/
Any way, this kind of SSL cert is for business use in most case and are generally pretty expensive.
Solution 2:
Assume you have a CNAME record:
travel-maps.example.com CNAME c.commondatastorage.googleapis.com.
Browser resolves name travel-maps.example.com
and gets IP for c.commondatastorage.googleapis.com
, then connects to port 443 of this address.
Server with this IP couldn't possibly[1] have proper certificate for travel-maps.example.com
(and all other domain names with CNAME records like this). Only example.com
domain owner could get a trusted cert for his own domain.
[1] Unless you uploaded the certificate to the CDN network which is a common feature nowadays.