Secure web-based data transmission is a significant challenge in today’s world. The personal data of millions of users, from bank account information to personal text messages, is exchanged over the Internet, and new attacks keep emerging to gain access to it. This information is sometimes so critical that its leakage from the websites or applications responsible for transmitting it can cause irreversible losses to individuals and businesses, in addition to serious consequences for the website or application owners.
Encrypted web-based information exchange is an important step to cope with this serious challenge, and ArvanCloud is proud to be among the very few CDNs around the globe to provide this feature by offering free SSL certificates.
Preparing an SSL certificate is the first step for a website to support HTTPS. The SSL certificate is a prerequisite for the TLS protocol to establish a secure connection between the server and the client (browser).
A TLS handshake requires the information included in an SSL certificate, such as general information about the identity of the website owner (domain name and the affiliated organization) and the public key.
The TLS protocol is based on both symmetric and asymmetric cryptography. Unlike symmetric cryptography, which uses a single shared secret key to encrypt and decrypt data between two points, asymmetric cryptography, or public key infrastructure (PKI), uses two keys, a private key and a public key, for secure transmission.
Both the private and the public key are generated on the web hosting server. The difference between them is that the private key is stored securely on the server and is never transmitted to the outside world, while the public key, as the name suggests, can be shared with others. The person receiving the public key uses it to encrypt their data before sending it to the server, and the server uses its private key to decrypt the encrypted data.
Because the public key is shared with others, it can be taken advantage of. To cope with this problem, an extra layer of security is applied to validate the received public key, which is where the SSL certificate comes in.
When creating an SSL certificate for a website, the first step is to generate a certificate signing request (CSR). This file is in effect the SSL certificate before it is signed by the certificate authority (CA), and it contains the information about the website owner and the public key. The file is sent to a CA, which signs it if the requirements are met. The signed certificate file, which can now be called the SSL certificate, is sent back to the website owner to be installed on the web server. The server uses this certificate to prove its identity to the browser during the TLS handshake. Certificates have expiration dates and should be renewed through the same procedure after expiry. The HTTPS connection between the browser and the web server fails to establish if any of these steps is performed improperly.
All browsers are shipped with a list of trusted CAs, based on which they can confirm the authenticity of the information and public keys received in certificates signed by any of these CAs.
After establishing a TCP connection between the client and server, the TLS handshake is initiated. The steps involved in this process (regardless of the TLS version) are briefly as follows:
The browser sends a “client hello” message to the server containing its TLS or SSL version along with the encryption algorithms it supports.
The server responds with a “server hello” message containing one of the algorithms supported by the browser along with its SSL certificate.
The browser validates the SSL certificate by checking its list of trusted CAs and accepts the certificate. The browser then generates a Secret Key, encrypts it with the public key it received from the server, and sends it to the server in a message.
The message received by the server is decrypted using the private key to obtain the Secret Key sent by the browser. The TLS connection is now established and this secret key is henceforth used by the server and the browser to encrypt and decrypt the exchanged data.
By negotiating with Let’s Encrypt, ArvanCloud has in recent years given its users the ability to generate a free 3-month SSL certificate with a single click. ArvanCloud users can therefore get this certificate free of charge and have it renewed automatically, with no further action, when it expires. As a significant advantage, these free certificates are provided as wildcards.
A Wildcard SSL certificate can be used to secure an unlimited number of subdomains with a single SSL certificate. Unlike standard SSL certificates, which are bound to a single FQDN such as www.example.com, the Wildcard SSL certificate can also be used for *.example.com, where * can be any prefix (www.example.com, example.com, test.example.com, etc.)
Please read this article for further information on getting your free SSL certificate.