Secure web-based data transmission is one of the biggest global challenges. Personal data of millions of users, from their bank account information to their text messages, is exchanged over the Internet every day. Accordingly, new attacks have emerged to access such vital information. This information is sometimes so critically important that its leakage from websites or applications responsible for data transmission can lead to irreversible losses to individuals and businesses. Additionally, it may bear severe consequences for the website or application owners.
Encrypted web-based information exchange is a crucial step to cope with this serious challenge, and ArvanCloud is proud to be among the very few CDN providers across the globe to provide this feature by offering free CDN SSL certificates.
Preparing an SSL certificate is the first step for a website to support HTTPS. The SSL certificate is a prerequisite for the TLS protocol to establish a secure connection between the server and the client (browser).
An SSL certificate includes information that is used in the TLS handshake process. This may include general information about the identity of the website owner (domain name and the affiliated organization), the public key, and so on.
The TLS protocol is based on symmetric and asymmetric cryptography. Unlike symmetric cryptography, which uses a single shared secret key to encrypt and decrypt data between two points, asymmetric cryptography, or public key infrastructure (PKI), uses two keys, namely a private key and a public key, for secure transmission.
Both private and public keys are generated on the web hosting server. However, the private key is stored securely on the server, and it is not transmitted to the outside world. On the other hand, the public key, as the name suggests, can be freely shared. The person receiving the public key uses it to encrypt their data before sending it to the server. The server, on the other hand, decrypts the encrypted data by using its private key.
The public key is at high risk of exploitation because it is shared with others. To solve this problem, an extra level of security is applied to verify the identity of the public key. Identity verification is carried out by an SSL certificate.
When creating a free SSL certificate for a website, the first step is to generate a certificate signing request (CSR). This file is, in fact, the SSL certificate before it is signed by the certificate authority (CA), and it contains the information regarding the website owner and the public key. This file is sent to a CA to be signed if the requirements are met. The signed certificate file, which can now be called the SSL certificate, is sent back to the website owner to be installed on the web server. The server uses this certificate to prove its identity to the browser during the TLS handshake. Certificates have expiration dates and should be renewed through the same procedure after expiry. The HTTPS connection between the browser and the web server fails if any of these steps is performed improperly.
All browsers are shipped with a list of trusted CAs, based on which they can confirm the authenticity of the information and public keys received in certificates signed by any of these CAs.
After a TCP connection is established between the client and server, the TLS handshake is initiated. The steps involved in this process (regardless of the TLS version) are briefly explained as follows:
The browser sends a “client hello” message containing the TLS or SSL version and its supported encryption algorithms to the server.
The server responds with a “server hello” message containing one of the algorithms supported by the browser and its SSL certificate.
The browser validates the SSL certificate by checking its list of trusted CAs and accepts the certificate. The browser then generates a Secret Key, encrypts it with the public key it received from the server, and sends it to the server in a message.
The message received by the server is decrypted using the private key to obtain the Secret Key sent by the browser. The TLS connection is now established between the browser and server, and the exchanged data is encrypted and decrypted with the help of the secret key.
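The certificate check and secret-key exchange from the steps above, as an added example that is not ArvanCloud's or any TLS library's code: textbook RSA over constructed toy keys, with a hash-based XOR keystream standing in for the negotiated cipher. All function names are hypothetical.

```python
import hashlib
import secrets

def keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy: no padding)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def xor_stream(key, data):
    """Toy symmetric cipher standing in for the negotiated algorithm."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key.to_bytes(16, "big") + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

# Constructed keys built from Mersenne primes; real keys use large random primes.
CA_PUB, CA_PRIV = keypair(2**107 - 1, 2**127 - 1)
SRV_PUB, SRV_PRIV = keypair(2**61 - 1, 2**89 - 1)

def issue_cert(domain, pub, ca_priv):
    """The CA signs the CSR contents (domain name and public key)."""
    body = f"{domain}|{pub[0]}|{pub[1]}".encode()
    n, d = ca_priv
    return {"domain": domain, "pub": pub, "sig": pow(digest(body, n), d, n)}

def verify_cert(cert, host, trusted_cas):
    """Browser side: name must match and a trusted CA key must verify the signature."""
    body = f"{cert['domain']}|{cert['pub'][0]}|{cert['pub'][1]}".encode()
    return cert["domain"] == host and any(
        pow(cert["sig"], e, n) == digest(body, n) for n, e in trusted_cas)

def handshake(host, cert, srv_priv, trusted_cas):
    """Third and fourth steps: validate the certificate, then transport the secret key."""
    if not verify_cert(cert, host, trusted_cas):
        raise ValueError("certificate rejected")
    secret = secrets.randbits(128)                   # browser generates the secret key
    n, e = cert["pub"]
    wire = pow(secret, e, n)                         # encrypted with the server's public key
    recovered = pow(wire, srv_priv[1], srv_priv[0])  # server decrypts with its private key
    return secret, recovered, wire
```

This key transport corresponds to the RSA key exchange of TLS 1.2 and earlier; TLS 1.3 derives the shared secret with ephemeral Diffie-Hellman instead.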
By negotiating with Let’s Encrypt, ArvanCloud has provided its users with the possibility of generating a free 3-month CDN SSL certificate with a single click. Hence, ArvanCloud users can get this CDN SSL certificate free of charge, which will be renewed automatically without further steps at the time of expiration. As a significant advantage, these free CDN SSL certificates are provided as wildcards.
The Wildcard SSL Certificate can be used to secure an unlimited number of subdomains with a single SSL certificate. Unlike standard SSL certificates, which are bound to a single FQDN such as www.example.com, the Wildcard SSL certificate can also be used for *.example.com, where “*” can be any prefix (www.example.com, example.com, test.example.com, etc.).
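An added example (not ArvanCloud's code) of the hostname matching that clients apply to wildcard certificates under RFC 6125: "*" stands for exactly one left-most label, so the bare domain is covered only when the certificate also lists it as its own name, and deeper subdomains are not covered. The name lists and host inventory are constructed, and the function names are hypothetical.

```python
def _labels(name):
    return name.lower().rstrip(".").split(".")

def san_matches(pattern, host):
    """True if one certificate name (exact or wildcard) covers the host."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in h:
        return False              # '*' never spans several labels or zero labels
    if p[0] == "*":
        # Wildcard only as the whole left-most label, above at least two fixed labels.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h                 # partial wildcards such as 'w*' are treated as literals

def uncovered_hosts(sans, hosts):
    """Return the hosts from an inventory that no name in the certificate covers."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

# Constructed inventory of hostnames that are expected to serve HTTPS.
INVENTORY = ["www.example.com", "test.example.com", "example.com",
             "api.staging.example.com"]

if __name__ == "__main__":
    for sans in (["*.example.com"], ["*.example.com", "example.com"]):
        print(sans, "does not cover", uncovered_hosts(sans, INVENTORY))
```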