seo – SSL certificate both on origin server and CDN

I’m about to add CDN to my website and I’ve being doing research, but some things have raised questions instead of getting answers. (Please let me know if I should split my questions separately, each in its own topic, I just thought I’d spam with this amount of questions… plus, they are all tightly coupled)

  1. SEPARATE CERTIFICATE OR NOT, 2 OR 1 Do I need to buy a separate SSL certificate especially for CDN or I can use the same DV certificate I bought, e.g., from Sectigo? In other words, should I own 2 certificates, or can own just one on both my server and on CDN? (note I am not interested in self-signed certificates)

  2. DO URLS CHANGE OR NOT I believe most CDN providers do not require changing URLs to static content, but is that true with most popular CDNs or some of them do require changing URLs? E.g. do I have to change links from root relative to absolute with domain being the CDN’s? Or everything goes through CDN nameservers?

  3. FINAL LINKS FROM VIEW-SOURCE Given that CDN is already in place and I haven’t modified my links on my website, what kind of links will I see for static content URLs when I right click and choose “View Source” in the browser? Mine or somehow substituted by CDN edge servers?

  4. SEO/CDN: DUPLICATE CONTENT I’ve read that after introduction of CDN there might appear duplicate content in search engines.
    4.1. Should I do anything special to prevent this on the application side apart from having link rel=”canonical” on every HTML page?

    4.2. Should I do anything special to prevent this on the CDN control panel side?

  5. MAIN SERVER WITH SSL, CDN WITHOUT Suppose I have DV certificate installed for my website. Every request is over HTTPS, including static content. The browser address bar happily turns green and all is good. Now I add CDN to my website but I do not add SSL certificate for CDN-delivered content (I assume it will be delivered over HTTP). What happens with the address bar and what do visitors see who lend on my website (e.g. warning)? Has the website now become “insecure” just because static content is delivered over HTTP and not HTTPS? And what actually determines whether to show that the website is secured with SSL or not – the initial request (e.g. HTML, which must not be cached by CDN but instead forwarded directly) ?

  6. INSTALL SSL MANDATORY WHERE TO CDN OR ORIGIN? I’ve also read that, quote, “it’s better to install certificate to CDN”, end of quote. That confused me a lot. What does “better” mean? I believe that SSL certificate absolutely must be installed on main origin server, and additionally can be installed to CDN, but not vice versa. Correct?

  7. COMMON OR NOT Do the answers for the above questions pertain to most CDN providers? E.g. KeyCDN, CloudFlare, Akamai, etc., or it depends?