The Arvancloud SSL certificate can be easily activated and automatically renewed for your website using the Arvancloud CDN service.
With a single click, you can make your website secure. Sign up and enjoy the hassle-free, auto-renewable Arvancloud SSL certificate free of charge.
Secure web-based data transmission is one of the biggest global challenges. Millions of users' personal data, be it their bank account information or their text messages, are exchanged over the Internet every day, which is why new attacks have emerged to access such vital information. A lack of security that leads to leaks of such information can have dire consequences, causing irreversible losses to individuals and businesses while also tarnishing the reputation of website or application owners.
Encrypted web-based information exchange is a crucial step to prevent such scenarios, and Arvancloud is proud to be among the very few CDN providers across the globe to provide this feature by offering free CDN SSL certificates.
Preparing an SSL certificate is the first step for a website to support HTTPS. The SSL certificate is a prerequisite for the TLS protocol to establish a secure connection between the server and the client (browser).
An SSL certificate includes information used in the TLS handshake process. This may include general information about the identity of the website owner (the domain name and the affiliated organization), the public key, and so on.
The TLS protocol relies on both symmetric and asymmetric cryptography. To secure transmission, asymmetric cryptography, or public key infrastructure (PKI), uses two keys, one private and one public, unlike symmetric cryptography, which uses a single shared secret key for encryption and decryption between two points.
The public and private keys are generated on the web hosting server. The private key is stored securely and is never transmitted to the outside world. The public key, on the other hand, can be freely shared. Whoever receives the public key uses it to encrypt their data before sending it to the server, and the server decrypts the encrypted data using its private key.
Because the public key is freely shared, it is at high risk of exploitation: a client that receives a key cannot tell on its own whether it really belongs to the server. For this reason, an extra security level is implemented to verify the identity behind the public key. An SSL certificate carries out this identity verification.
When creating a free SSL certificate for a website, the first step is to generate a certificate signing request (CSR). This file is the SSL certificate before it is signed by the certificate authority (CA), and it contains information on the website owner and the public key. Once the requirements are met, this file is sent to a CA to be signed. The signed SSL certificate is then sent back to the website owner to be installed on the web server. The server uses this certificate to identify itself to the browser during the TLS handshake. Certificates have expiration dates and should be renewed through the same procedure after expiry. The HTTPS connection between the browser and the web server fails if any of these steps is performed improperly.
All browsers include a list of trusted CAs, based on which they can confirm the authenticity of the information and public keys received in certificates signed by any of those CAs.
Following the establishment of a TCP connection between the client and server, the TLS handshake is initiated. The steps involved in this process (regardless of the TLS version) are briefly explained as follows:
The browser sends a “client hello” message to the server, containing its TLS or SSL version and the encryption algorithms it supports.
The server responds with a “server hello” message containing one of the algorithms supported by the browser and its SSL certificate.
The browser validates the SSL certificate by checking its list of trusted CAs and accepts the certificate. The browser then generates a secret key, encrypts it with the public key it received from the server, and sends it to the server in a message.
The server decrypts the received message with its private key to obtain the secret key sent by the browser. The TLS connection is now established between the browser and server, and the exchanged data is encrypted and decrypted with the help of the secret key.
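The steps above, from the CA signing the certificate to the server recovering the browser's secret key, as a toy model that is added here for illustration and is not Arvancloud's or any browser's code. It uses textbook RSA on small constructed primes without padding, so it is unsuitable for real traffic; the CA name "Example Test CA" and all function names are made up for the example.

```python
# Toy model: textbook RSA on small constructed primes, no padding.
import hashlib
import secrets

E = 65537  # public exponent

def keypair(p, q):
    """Return ((n, e), (n, d)) for two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(body, n):
    """Hash the certificate body to an integer below n."""
    h = hashlib.sha256(repr(body).encode()).digest()
    return int.from_bytes(h, "big") % n

def ca_sign(body, ca_private):
    """CA step: sign the CSR contents (owner data plus public key)."""
    n, d = ca_private
    return pow(digest(body, n), d, n)

def browser_validate(cert, hostname, trusted_cas):
    """Trusted issuer, valid CA signature and matching name, or reject."""
    ca_public = trusted_cas.get(cert["body"]["issuer"])
    if ca_public is None:
        return False
    n, e = ca_public
    signed_ok = pow(cert["sig"], e, n) == digest(cert["body"], n)
    return signed_ok and cert["body"]["domain"] == hostname

def handshake(hostname, cert, server_private, trusted_cas):
    """Return (browser_secret, server_secret), or None if the cert is rejected."""
    if not browser_validate(cert, hostname, trusted_cas):
        return None
    n, e = cert["body"]["public_key"]
    browser_secret = secrets.randbits(128)
    encrypted = pow(browser_secret, e, n)         # sent over the wire
    sn, d = server_private
    return browser_secret, pow(encrypted, d, sn)  # server recovers the secret

# Constructed sample data (Mersenne primes keep the numbers easy to check).
CA_PUB, CA_PRIV = keypair(2**61 - 1, 2**127 - 1)
SRV_PUB, SRV_PRIV = keypair(2**89 - 1, 2**107 - 1)
BODY = {"domain": "www.example.com", "issuer": "Example Test CA",
        "public_key": SRV_PUB}
CERT = {"body": BODY, "sig": ca_sign(BODY, CA_PRIV)}
TRUSTED = {"Example Test CA": CA_PUB}
```

Swapping a different public key into the certificate body while keeping the CA's signature makes `handshake` return `None`, which is the identity check the certificate exists to provide.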
Through negotiations with Let’s Encrypt, Arvancloud has provided its users with the possibility of generating a free 3-month CDN SSL certificate with a single click. Hence, Arvancloud users can get this CDN SSL certificate free of charge and have it renewed automatically at the time of expiration. These free CDN SSL certificates are provided as wildcards.
The Wildcard SSL certificate can secure an unlimited number of subdomains with a single SSL certificate. Unlike standard SSL certificates, which are bound to a single FQDN such as www.example.com, the Wildcard SSL certificate can also be used for *.example.com, where * can be any prefix (www.example.com, example.com, test.example.com, etc.).
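A check for which hostnames a wildcard certificate covers, added here as an example and not taken from Arvancloud's tooling. It follows the RFC 6125 matching rule, under which * stands for exactly one left-most label, so the bare domain is covered only when the certificate lists it as its own name entry, as in the constructed name list below; the function names and the three-label minimum for wildcards are assumptions of this sketch.

```python
def san_matches(pattern, hostname):
    """Match one certificate name entry against a hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans several labels, so the label counts must agree.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Accept "*" only as the whole left-most label, with at least two
        # fixed labels after it (rejects entries such as "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "w*.example.com" are not accepted.
    return "*" not in pattern and p_labels == h_labels


def cert_covers(san_list, hostname):
    """True if any name entry in the certificate matches the hostname."""
    return any(san_matches(p, hostname) for p in san_list)


def uncovered(san_list, hostnames):
    """Hostnames that would fail name validation with this certificate."""
    return [h for h in hostnames if not cert_covers(san_list, h)]


# Constructed sample data: name entries of a wildcard certificate and the
# hostnames an operator plans to serve with it.
SANS = ["example.com", "*.example.com"]
HOSTS = ["www.example.com", "test.example.com", "example.com",
         "a.b.example.com", "example.org"]

if __name__ == "__main__":
    for host in HOSTS:
        print(host, "covered" if cert_covers(SANS, host) else "NOT covered")
```

Running `uncovered` over the planned hostnames before cutover shows which ones, such as second-level subdomains, need their own certificate or name entry.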