Replacement of security credentials for secure proxying

US9239911B2 · US · B2

Patent metadata
Publication number: US-9239911-B2
Application number: US-201213456486-A
Country: US
Kind code: B2
Filing date: Apr 26, 2012
Priority date: Apr 26, 2012
Publication date: Jan 19, 2016
Grant date: Jan 19, 2016

Abstract

Official abstract text for this publication.

A subscription proxy receives, from an end user system, a request for a resource provided by a content delivery network, the request comprising a local credential associated with the end user system. The subscription proxy identifies a remote credential associated with the content delivery network and corresponding to the local credential. The subscription proxy replaces the local credential in the request with the corresponding remote credential and sends the request for the resource with the remote credential to the content delivery network.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: preventing, by a processing device, a system from registering with a content delivery network and from applying for a remote credential directly, the preventing comprising: receiving, from the system, a request for a resource provided by the content delivery network, the request comprising a local credential associated with the system; determining that the request for the resource is authenticated in view of the local credential; identifying, by the processing device, the remote credential associated with the content delivery network and corresponding to the local credential; replacing the local credential in the request with the corresponding remote credential, wherein the replacing comprises removing the local credential from the request and inserting the corresponding remote credential into the request; and sending the request for the resource with the remote credential to the content delivery network.

2. The method of claim 1, wherein the local credential comprises a digital certificate and is distributed by an on-premise subscription service associated with the system.

3. The method of claim 1, wherein the remote credential comprises a digital certificate and is distributed by a hosted subscription service associated with the content delivery network.

4. The method of claim 3, further comprising: receiving the remote credential from the hosted subscription service; storing the remote credential in a credential data store; and associating the remote credential with the local credential.

5. The method of claim 1, wherein identifying the remote credential comprises accessing a credential mapping database.

6. The method of claim 1, further comprising: receiving a resource package from the content delivery network, the resource package comprising the requested resource and the remote credential; identifying the local credential associated with the system and corresponding to the remote credential; replacing the remote credential in the resource package with the corresponding local credential; and sending the resource package with the local credential to the system.

7. A system comprising: a memory store a subscription proxy; and a processing device, coupled to the memory and to execute the subscription proxy, the processing device to: prevent a system from registering with a content delivery network and from applying for a remote credential directly, wherein the processing device to: receive, from the system, a request for a resource provided by the content delivery network, the request comprising a local credential associated with the system; determine that the request for the resource is authenticated in view of the local credential; identify the remote credential associated with the content delivery network and corresponding to the local credential; replace the local credential in the request with the corresponding remote credential, wherein to replace the local credential, the subscription proxy to remove the local credential from the request and insert the corresponding remote credential into the request; and send the request for the resource with the remote credential to the content delivery network.

8. The system of claim 7, wherein the local credential comprises a digital certificate and is distributed by an on-premise subscription service associated with the system.

9. The system of claim 7, wherein the remote credential comprises a digital certificate and is distributed by a hosted subscription service associated with the content delivery network.

10. The system of claim 9, wherein the processing device is further to: receive the remote credential from the hosted subscription service; store the remote credential in a credential data store; and associate the remote credential with the local credential.

11. The system of claim 7, wherein identifying the remote credential comprises accessing a credential mapping database.

12. The system of claim 7, wherein the processing device is further to: receive a resource package from the content delivery network, the resource package comprising the requested resource and the remote credential; identify the local credential associated with the system and corresponding to the remote credential; replace the remote credential in the resource package with the corresponding local credential; and send the resource package with the local credential to the system.

13. A non-transitory machine-readable storage medium storing instructions which, when executed, cause a processing device to: prevent a system from registering with a content delivery network and from applying for a remote credential directly, wherein the processing device to: receive, from the system, a request for a resource provided by the content delivery network, the request comprising a local credential associated with the system; determine that the request for the resource is authenticated in view of the local credential; identify, by the processing device, the remote credential associated with the content delivery network and corresponding to the local credential; replace the local credential in the request with the corresponding remote credential, wherein the replacing comprises removing the local credential from the request and inserting the corresponding remote credential into the request; and send the request for the resource with the remote credential to the content delivery network.

14. The non-transitory machine-readable storage medium of claim 13, wherein the local credential comprises a digital certificate and is distributed by an on-premise subscription service associated with the system.

15. The non-transitory machine-readable storage medium of claim 13, wherein the remote credential comprises a digital certificate and is distributed by a hosted subscription service associated with the content delivery network.

16. The non-transitory machine-readable storage medium of claim 15, wherein the instructions to further cause the processing device to: receive the remote credential from the hosted subscription service; store the remote credential in a credential data store; and associate the remote credential with the local credential.

17. The non-transitory machine-readable storage medium of claim 13, wherein to identify the remote credential, the instructions to further cause the processing device to access a credential mapping database.

18. The non-transitory machine-readable storage medium of claim 13, wherein the instructions to further cause the processing device to: receive a resource package from the content delivery network, the resource package comprising the requested resource and the remote credential; identify the local credential associated with the system and corresponding to the remote credential; replace the remote credential in the resource package with the corresponding local credential; and send the resource package with the local credential to the system.
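
The credential swap recited in claims 1, 5 and 6, sketched as an added example; it is not code from the patent or its assignee. It assumes credentials are modelled as opaque strings (for instance certificate fingerprints), messages are dictionaries with a hypothetical "credential" field, authentication is reduced to "the local credential is known to the proxy", and the mapping is one-to-one; every name in it is hypothetical.

```python
class ProxyError(Exception):
    """Request or package rejected; nothing is forwarded."""


class SubscriptionProxy:
    def __init__(self, local_to_remote):
        # Credential mapping database (claims 5, 11, 17). Assumed one-to-one so
        # the reverse lookup for returned packages (claim 6) is unambiguous.
        if len(set(local_to_remote.values())) != len(local_to_remote):
            raise ValueError("each remote credential must map to one local credential")
        self._to_remote = dict(local_to_remote)
        self._to_local = {r: l for l, r in local_to_remote.items()}

    @staticmethod
    def _swap(message, table, reason):
        presented = message.get("credential")
        # Fail closed: a missing or unknown credential is never passed through,
        # so a system cannot present a remote credential to the CDN directly.
        if not isinstance(presented, str) or presented not in table:
            raise ProxyError(reason)
        # "Removing ... and inserting": build a copy without the presented
        # credential, then add the mapped one. The caller's dict is untouched.
        swapped = {k: v for k, v in message.items() if k != "credential"}
        swapped["credential"] = table[presented]
        return swapped

    def outbound(self, request):
        """System -> CDN: local credential removed, remote credential inserted."""
        return self._swap(request, self._to_remote, "unauthenticated local credential")

    def inbound(self, package):
        """CDN -> system: remote credential removed, local credential inserted."""
        return self._swap(package, self._to_local, "unknown remote credential")


# Constructed sample data: the fingerprints are placeholders, not real certificates.
PROXY = SubscriptionProxy({"local-fp-A": "remote-fp-1", "local-fp-B": "remote-fp-2"})
REQUEST = {"resource": "/content/repo/pkg.rpm", "credential": "local-fp-A"}
FORWARDED = PROXY.outbound(REQUEST)
RETURNED = PROXY.inbound({"resource": "/content/repo/pkg.rpm",
                          "body": b"constructed payload",
                          "credential": "remote-fp-1"})
```
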

Classifications

  • G06F21/10 (Primary)

    Protecting distributed programs or content, e.g. vending or licensing of copyrighted material (protection in video systems or pay television H04N7/16) {; Digital rights management [DRM]} · CPC title

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Duryee Christopher, Bowes James, Kearney Bryan, and 1 more
What technology area does this patent fall under?
Primary CPC classification G06F21/10. Mapped technology areas include Physics.
When was this patent published?
Publication date Jan 19, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).