SSL and TLS are both cryptographic protocols that encrypt and authenticate data over the internet. They establish a secure connection between a client and a server by encrypting the data exchanged between the two parties, which protects it from potential attackers.
However, SSL is the older version of TLS and has some security vulnerabilities that TLS fixes. Here are some of the main differences between SSL and TLS:
- SSL stands for Secure Sockets Layer and was first released in 1995. SSL uses explicit connections with a port, and has a different handshake process than TLS. SSL is now deprecated and has known security issues such as the POODLE attack.
- TLS stands for Transport Layer Security and was first released in 1999 as an upgrade to SSL. It was later updated to TLS 1.1 in 2006, TLS 1.2 in 2008, and TLS 1.3 in 2018. TLS uses implicit connections with a protocol, and has a more secure handshake process than SSL. TLS is the current industry standard for web security and offers better encryption algorithms and authentication methods than SSL.
Even though TLS is the newer and more secure version of SSL, many people still use the term SSL to refer to both protocols. This is because SSL was the original name and became widely adopted before TLS was introduced.
How to Use AutoSSL
AutoSSL allows you to automatically install and renew Let’s Encrypt SSL certificates for your web applications. It is available only for Business users in RunCloud and can be enabled when you are creating your web app.
Now, RunCloud will automatically install a Let’s Encrypt SSL certificate for your web application and renew it every 90 days. You can also use this for any subdomains or domains that you add to your web application later, and for any cloned web applications or WordPress staging sites that you create from your web application.
Adding SSL/TLS Certificates
One of the key features of RunCloud is its ability to generate and manage SSL certificates for web applications. To manage your SSL/TLS certificates, open your RunCloud dashboard and click on the “SSL/TLS” button in the sidebar.
On the next screen, you will see two options:
- The “Basic SSL certificate” option on RunCloud uses a single SSL certificate to secure all domains associated with a specific web application.
- The “Advanced” option allows you to individually manage the certificates for each domain name.
Regardless of which option you pick, the process to deploy a certificate is the same. Click on the domain from the list of available domains to start the process. The SSL Provider section on the next page allows you to choose your SSL provider. RunCloud provides three options: Let’s Encrypt, Custom SSL, and Self-signed Certificate.
Let’s Encrypt
The Authorization Method section allows you to pick your preferred authorization method for Let’s Encrypt SSL certificates. You can pick either http-01 authorization, which involves Let’s Encrypt attempting to validate files inside your server, or dns-01 authorization, which validates the DNS records.
The Let’s Encrypt Environment section allows you to choose the environment to generate your SSL certificate. RunCloud provides an option for Live or Test certificates, which generates either a real or a fake SSL certificate for the site, signed by the Let’s Encrypt Authority.
The HTTP to HTTPS Redirection section allows you to specify whether or not visitors should be redirected from an HTTP connection to HTTPS. RunCloud provides three options – no redirection, server-side HTTPS redirection, and HSTS.
The first one allows users to connect via insecure channels, and the second one redirects insecure traffic to use a secure protocol. The HSTS & Server Side Redirection option enables HTTP Strict Transport Security (HSTS) together with server-side redirection. HSTS forces the browser to always use HTTPS, even if the user wants to connect via HTTP.
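After changing this setting, you can confirm which of the three modes a site is actually serving by looking at its responses. The following added example (not RunCloud's code) classifies a pair of responses, one fetched over HTTP and one over HTTPS; the function names and the sample responses are constructed for illustration.

```python
from typing import Optional

REDIRECT_CODES = {301, 302, 307, 308}


def parse_hsts(value: str) -> Optional[dict]:
    """Parse a Strict-Transport-Security value (RFC 6797); None if unusable."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in directives:
            return None  # a repeated directive invalidates the whole header
        directives[name] = arg.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None  # max-age is mandatory and must be a plain integer
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}


def header(headers: dict, name: str) -> str:
    """Case-insensitive header lookup; name must be lower-case."""
    return next((v for k, v in headers.items() if k.lower() == name), "")


def classify(http_resp: tuple, https_resp: tuple) -> str:
    """Each response is (status_code, headers) for the same site."""
    status, headers = http_resp
    redirects = (status in REDIRECT_CODES
                 and header(headers, "location").lower().startswith("https://"))
    # Browsers ignore HSTS received over plain HTTP, so only the HTTPS
    # response counts; max-age=0 tells the browser to forget the policy.
    policy = parse_hsts(header(https_resp[1], "strict-transport-security"))
    hsts = policy is not None and policy["max_age"] > 0
    if redirects and hsts:
        return "HSTS & server-side redirection"
    if redirects:
        return "server-side HTTPS redirection"
    return "HSTS without redirect" if hsts else "no redirection"


if __name__ == "__main__":
    # Constructed sample responses for a site with the third option enabled.
    plain = (301, {"Location": "https://example.com/"})
    secure = (200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})
    print(classify(plain, secure))
```

The "HSTS without redirect" result is not one of RunCloud's three options; it indicates that the header is set but first-time visitors arriving over HTTP are not sent to HTTPS.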
Note: There are some limits associated with this method. If you try to create more than 50 certificates per registered domain in a given week, you will encounter “Error 429 LetsEncrypt Rate Limit”. For more information, refer to Let’s Encrypt’s documentation.
Custom SSL
There are several reasons to use a custom SSL certificate:
- You want to use a different SSL provider, such as Verisign, GeoTrust, Comodo, etc.
- You have exhausted the number of freely available Let’s Encrypt certificates for the given week.
- Your organization signs its own SSL certificates that are trusted within its network.
The process of deploying a custom certificate is very straightforward. Just paste the public and private keys into the given fields, and click “Deploy SSL”.
Self-signed Certificate
If you want to use self-signed certificates, but don’t want to maintain a root authority yourself, then this is the right choice for you.
You can use this option to deploy certificates that are signed by RunCloud. Optionally, you can also provide additional information, such as Key Type, Organization, Department, City, State, and Country.
Once you click “Deploy SSL”, your site will start using the new certificate. If you are using it for the first time, your browser will warn you about an “Untrusted Certificate”.
Although you can click on “Advanced” and “Proceed to …” to visit the site, it can be rather annoying.
If you add RunCloud’s root certificate to your PC’s trusted certificate list, you will no longer get warnings for this certificate, or for any other certificate issued under this root certificate in the past or future. You only need to do this once.
We will show you how to do this for Chrome, but the process is similar for other browsers as well. Click on “Not Secure” in the address bar, and then click “Certificate is not valid” to view the certificate chain.
You will see a pop-up window. Go to the “Details” tab to view the complete certificate chain. Make sure you have selected the “RunCloud Root CA”, and then click on “Export” to save the certificate. This will download a file on your computer.
After downloading RunCloud’s root certificate, we need to tell our browser that it is a trusted certificate. To do this, open Chrome settings and navigate to “Privacy and security”. There you will find an option to manage certificates.
On the certificates page, switch to the “Authorities” tab and click “Import” to add a new trusted certificate.
Select the certificate that we just downloaded. Switch to the “All files” option in your file manager if you can’t see the certificate. In the Trust Settings pop-up, make sure you select “Trust this certificate for identifying websites”, and click “OK”.
That’s it! Go back to your site and refresh the web page. You should see a “Certificate is Valid” message when you click on the lock icon; on newer versions of Chrome, the lock icon has been replaced by a tune icon.
If you ever want to delete RunCloud’s root certificate, you can go back to the manage certificates tab, scroll down till you find the certificate and click “Delete” next to it.
Updating Application URL
If you are using a CMS such as WordPress, you will need to update the site address so that WordPress will start using the new URL. To update the address, open the web application dashboard and click on the “General Settings” option in the left menu.
Next, just add an “s” after “http” so that the resulting address starts with https:// instead of http:// in both the WordPress Address and Site Address fields. Finally, click on the “Save Details” button to update the settings.