# SSL/TLS Encryption
**Secure Socket Layer (SSL)** and **Transport Layer Security (TLS)** are cryptographic protocols that provide encrypted communication between clients and servers.\
They ensure data privacy, integrity, and authentication—protecting your website and CDN-delivered assets against interception or tampering.
Over time, the traditional **HTTP** protocol evolved into **HTTPS**, which uses SSL/TLS encryption to secure all data exchanged between users and websites.\
Medianova CDN supports HTTPS by default and allows you to manage SSL certificates directly through the platform.
{% hint style="warning" %}
TLS is the modern version of SSL. All Medianova services use TLS 1.2 and 1.3 for enhanced security and performance.
{% endhint %}
### **Why SSL/TLS Matters**
* **Confidentiality:** Encrypts all client–server communications.
* **Integrity:** Prevents data alteration or man-in-the-middle attacks.
* **Authentication:** Confirms your site’s identity through trusted Certificate Authorities (CAs).
* **Trust & SEO:** HTTPS improves user confidence and search engine ranking.
### **Supported SSL Certificate Types**
Medianova CDN supports all common SSL/TLS certificates. Choose the one that fits your infrastructure and domain structure.
| Certificate Type | Description | Recommended For |
| ---------------------------------- | ------------------------------------------------------------------- | ------------------------------- |
| **Domain Validation (DV)** | Validates domain ownership only. Simple and fast to issue. | Blogs, small websites |
| **Organization Validation (OV)** | Confirms both domain and company identity. | Corporate or business sites |
| **Extended Validation (EV)** | Highest validation level; displays organization name in browser UI. | E-commerce, financial platforms |
| **Wildcard SSL** | Secures a domain and all its subdomains (e.g., `*.yourdomain.net`). | Multi-subdomain services |
| **SAN (Subject Alternative Name)** | Covers multiple domains under a single certificate. | Multi-domain architectures |
| **Code Signing SSL** | Used by developers to verify the integrity of software or drivers. | Application signing, APIs |
{% hint style="warning" %}
For setups serving multiple domains or subdomains, consider **Wildcard** or **SAN-supported** certificates to simplify management.
{% endhint %}
Two-Layer Encryption Flow
### **How SSL/TLS Works on Medianova CDN**
1. A user requests your content via **HTTPS**.
2. The CDN edge node presents a valid SSL/TLS certificate.
3. Encrypted communication is established between the client and the edge server.
4. The edge communicates securely with your **origin server** (if origin SSL is configured).
5. Data is delivered end-to-end through encrypted channels.
### **Best Practices**
* Always use HTTPS for all CDN-enabled resources.
* Prefer **TLS 1.3** for stronger encryption and faster handshakes.
* Keep certificates renewed before expiration to avoid service disruption.
* Use **Wildcard** or **SAN** certificates to simplify certificate management.
* Avoid mixed-content warnings by ensuring all assets (images, scripts) load over HTTPS.
###
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://clients.medianova.com/products/security/ssl-tls-encryption.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
