Where CDNs are used to provide HTTPS, the connection from the CDN to the origin server should also be protected with HTTPS, and authenticated by the CDN when making that connection. CDNs vary in their support of secure-to-origin, so this should be one of the questions asked when evaluating a CDN.