Automated SSL certificates
“A free SSL certificate for every website”
When adding a domain name to Qbine, a Let’s Encrypt SSL certificate is created by default. It will save you the time it takes to install the certificates and updating the SSL certificates in your hosting environment. If you like to use your own private commercial SSL certificate, you can simply upload them by the client panel or API.
What is SSL?
The letters SSL stand for Secure Socket Layer and it uses cryptographic protocols to secure and encrypt the traffic between two systems. The internet has been using the SSL 2.0 certificate since 1995 and since then, there are multiple versions of the SSL. The SSL 1.0 has never made it for public use, hence why we begin with the SSL 2.0. After the SSL 3.0 was never released, they have changed the following version into TLS in 1996. TLS stands for Transport Security Layer. The TLS 1.0 is released in 1999 and the TLS version 1.3 has been released in 2018.
We now know that an SSL or TLS encrypts traffic. But why do we want this? When you browse to a website, you will always use an URL that begins with http:// – otherwise known as the HyperText Transfer Protocol. Sometimes you will see an additional S: This stands for Secure. The difference between these two, and you probably guessed it, is an SSL certificate. The HTTPS uses an SSL certificate.
So why do we want HTTPS? There are plenty of reasons, however, the most important one is that when you are using an SSL, you are protecting potentially sensitive information from being stolen by hackers or other bad doers. Another main reason is that you want your traffic to be secured. With an SSL certificate, you will get a higher ranking in Google. Without an SSL certificate, you may even risk a penalty since Google is giving penalties to websites without SSL.
What is the difference between SSL and TLS?
The difference between SSL and TLS is nothing more than one being a newer version of the other. TLS is a newer version of SSL. How come we’re still using the name SSL?
One simple answer: Branding. Since the majority of the people know what an SSL certificate is and companies that are selling SSL certificates have never changed the name into TLS certificates. That’s why nowadays most people still talk about an SSL certificate instead of a TLS certificate. When you buy an SSL certificate, you do not actually buy an SSL – but a TLS certificate. Well, we most certainly hope you do because the last version of SSL is obsolete since 2015. You definitely wouldn’t want that.
How does Qbine’s free SSL work?
Qbine uses Let’s Encrypt for our SSL’s. Where you would normally have to request the SSL yourself, we now do all the work for you and request a Let’s Encrypt for your website. The traffic between the user and our reverse proxy is handled by a Let’s Encrypt SSL. To explain the process further, we need to explain SSL offloading first.
SSL offloading is a way to decrypt a request. And to decrypt a request, the traffic should be secured first. This is exactly what the Let’s Encrypt SSL certificate does. With an SSL we have encrypted and secured traffic. Now we can begin with the SSL offloading, but where do we do this?
Qbine is placed in a reverse proxy where the SSL offloading happens. A reverse proxy is nothing more than a proxy right in front of your application. The traffic that normally goes directly to your website, will now go through the reverse proxy first. Now the SSL offloading magic can begin.
There are two ways of SSL offloading. The first is the SSL termination. Even though we strongly discourage using this method, it is possible. The request will be decrypted but never encrypted again. In other words, you have secure traffic until the reverse proxy and when we send the request to your website, it is no longer secured.
The second and best way is the SSL bridge. We decrypt the request, look inside the request and if everything is OK, we encrypt the request again and forward the request to your website.
To encrypt the request again, you should upload your SSL certificate inside your client panel. This way we can ensure that the traffic between Qbine and your server is secured.