# SSL/TLS Encryption

**Secure Sockets Layer (SSL)** and **Transport Layer Security (TLS)** are cryptographic protocols that provide encrypted communication between clients and servers.\
They ensure data privacy, integrity, and authentication—protecting your website and CDN-delivered assets against interception or tampering.

Over time, the traditional **HTTP** protocol evolved into **HTTPS**, which uses SSL/TLS encryption to secure all data exchanged between users and websites.\
Medianova CDN supports HTTPS by default and allows you to manage SSL certificates directly through the platform.

{% hint style="warning" %}
TLS is the modern successor to SSL. All Medianova services use TLS 1.2 and 1.3 for enhanced security and performance.
{% endhint %}

### **Why SSL/TLS Matters**

* **Confidentiality:** Encrypts all client–server communications.
* **Integrity:** Detects alteration of data in transit and protects against man-in-the-middle attacks.
* **Authentication:** Confirms your site’s identity through trusted Certificate Authorities (CAs).
* **Trust & SEO:** HTTPS improves user confidence and search engine ranking.

### **Supported SSL Certificate Types**

Medianova CDN supports all common SSL/TLS certificates. Choose the one that fits your infrastructure and domain structure.

| Certificate Type                   | Description                                                         | Recommended For                 |
| ---------------------------------- | ------------------------------------------------------------------- | ------------------------------- |
| **Domain Validation (DV)**         | Validates domain ownership only. Simple and fast to issue.          | Blogs, small websites           |
| **Organization Validation (OV)**   | Confirms both domain and company identity.                          | Corporate or business sites     |
| **Extended Validation (EV)**       | Highest validation level; displays organization name in browser UI. | E-commerce, financial platforms |
| **Wildcard SSL**                   | Secures a domain and all its subdomains (e.g., `*.yourdomain.net`). | Multi-subdomain services        |
| **SAN (Subject Alternative Name)** | Covers multiple domains under a single certificate.                 | Multi-domain architectures      |
| **Code Signing SSL**               | Used by developers to verify the integrity of software or drivers.  | Application signing, APIs       |

{% hint style="warning" %}
For setups serving multiple domains or subdomains, consider **Wildcard** or **SAN-supported** certificates to simplify management.
{% endhint %}

<figure><img src="https://542970813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtK7oIwmhUHdEJcaH4Hx8%2Fuploads%2FHKpN4regN57hZtrdV8UN%2Fenc.png?alt=media&#x26;token=09875e6a-33df-44be-b4c9-02b9a27f1c30" alt="" width="563"><figcaption><p>Two-Layer Encryption Flow</p></figcaption></figure>

### **How SSL/TLS Works on Medianova CDN**

1. A user requests your content via **HTTPS**.
2. The CDN edge node presents a valid SSL/TLS certificate.
3. Encrypted communication is established between the client and the edge server.
4. The edge communicates securely with your **origin server** (if origin SSL is configured).
5. Data is delivered end-to-end through encrypted channels.

### **Best Practices**

* Always use HTTPS for all CDN-enabled resources.
* Prefer **TLS 1.3** for stronger encryption and faster handshakes.
* Keep certificates renewed before expiration to avoid service disruption.
* Use **Wildcard** or **SAN** certificates to simplify certificate management.
* Avoid mixed-content warnings by ensuring all assets (images, scripts) load over HTTPS.
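The protocol-version, renewal and Wildcard/SAN points above can be checked automatically. The following is an added example, not Medianova code: it audits a certificate in the shape Python's `ssl` module returns, using standard hostname matching in which `*` covers a single label. The function names, the 30-day threshold and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}  # versions the page says are in use
# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns
SAMPLE_CERT = {"notAfter": "Jun  1 12:00:00 2030 GMT",
               "subjectAltName": (("DNS", "*.yourdomain.net"), ("DNS", "yourdomain.net"))}


def days_until_expiry(cert, now):
    """Whole days from `now` (aware datetime) to notAfter; negative if expired."""
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now.timestamp()) // 86400)


def san_covers(cert, hostname):
    """True if a DNS SAN entry matches hostname; '*' matches one label only."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host or (pattern.startswith("*.")
                               and host.split(".", 1)[1:] == [pattern[2:]]):
            return True
    return False


def audit(cert, version, hostname, now, warn_days=30):
    """Return a list of findings for one endpoint; an empty list means OK."""
    findings = []
    if version not in ALLOWED_VERSIONS:
        findings.append(f"negotiated {version}, expected TLS 1.2 or 1.3")
    if not san_covers(cert, hostname):
        findings.append(f"certificate does not cover {hostname}")
    left = days_until_expiry(cert, now)
    if left < warn_days:
        findings.append(f"certificate expires in {left} days")
    return findings


def audit_live(hostname, port=443):
    """Handshake with a real endpoint (needs network) and audit the result."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            now = datetime.now(timezone.utc)
            return audit(tls.getpeercert(), tls.version(), hostname, now)
```

Running `audit_live` against each CDN hostname from a scheduled job gives early warning before a certificate lapses or a hostname falls outside the certificate's coverage.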

