This document explains the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols and how servers use them.
TLS and SSL
TLS and SSL are two cryptographic protocols that clients and servers use for secure communication over the Internet. Systems frequently use them for email and web browsing.
Both of these protocols initiate a “handshake,” during which your server and the user’s computer will agree upon specific conditions. These conditions include, most importantly, a set of public and private keys that they will use to encrypt and decrypt messages during the secure session.
As a web server, your server will identify itself with a certificate when it receives a secure request from a user. These certificates can be self-signed or verified through a certificate authority (CA).
Servers generate and sign their own self-signed certificates. We do not recommend self-signed certificates because they do not use a third-party verification system, and any server can claim to be your server. To remedy this issue, we recommend that you use a certificate that you obtain through a CA. The CA verifies the identity of your server to secure user requests.
LetsEncrypt and Free SSL For Your Sites
LetsEncrypt is a collaborated project sponsored by major Internet companies such as Cisco and Google. The goal is to enable SSL/TLS encryption on each site on the Internet. Previously, the only way to enable error free SSL/TLS-backed HTTPS connections to a website was to purchase a commercial certificate from a commercial vendor. These were expensive and tedious to maintain, keeping the barrier to entry high for regular web masters.
The LetsEncrypt project aims to fix this by making certificates free for whoever needs or wants them!
As of October 2016, TLFHosting is proud to offer built-in LetsEncrypt support for each LinuxPro hosting plan. Any site hosted on our LinuxPro platform (including SitePro) automatically gets a valid SSL Certificate. There is no need for any action on part of the customer, the process is entirely automatic.
Of course, if there is a desire to use a standard commercial SSL certificate, you are able to do so at your convenience. Just follow the same process in the documenation for creating a key, CSR, and importing the certificate.
When Is LetsEncrypt Enabled?
By default, all LinuxPro hosting accounts will automatically install a LetsEncrypt certificate. For accounts using commercial certificates, a LetsEncrypt certificate will be installed if the existing commercial certificate is allowed to expire. As described above, no action on the part of the customer is required.