As 2020, having a website with a SSL Certificate is a must-have. They play a crucial role in securing communications between users and your website, making it impossible, for malicious users, to steal personal data through a man-in-the-middle attack.
At Nooder, we take particular care of you and your customer's security, so we provide a free and private SSL Certificate for all of our customers, without any limitations.
How does Nooder SSL Certificates works?
Our certificates are provided in conjunction with Let's Encrypt, which acts as Certificate Authority. When you add a domain to your account, and create a protected DNS record, a new certificate creation is scheduled. This operation will perform many tasks, and ends with a new and working certificate, which will be propagated in all our nodes and will allow HTTPS connections to them. The certificate will have an entry for each of your protected records. All this stuff would be usually automatically completed within minutes after some criteria are met:
- The domain uses the nameservers provided by our Console
- There is at least one protected record
In some rare cases, we may need up to 24 hours to generate and distribute the certificate to our nodes.
Finally, when the certificate is close to its expiration (approximately 15 days), it is automatically renewed and distributed, without any downtime.
We use two different types of encryption, which could be configured on a per-record basis.
With the Mixed Encryption, the traffic is encrypted only between user and Nooder nodes. This solution usually requires almost zero configuration from the remote server side, while it's not the most secure one. Using our default SSL certificate with this mode, you don't need to worry about renewals or updates, as Nooder automatically takes care of it. This type of encryption is enabled by default for each protected record you have, and doesn't require any particular setup in our Console.
With the Full Encryption, the traffic is encrypted not only between user and Nooder nodes but also with the backend server. This solution gives you great security, but requires a bit of configuration. The remote server needs to have a valid SSL certificate (A self-signed certificate is supported) and should be listening for HTTPS connections. Moreover, you need to setup this feature in the Nooder Console.
When you create a new protected record, you are allowed to enable the Backend Secure Connection option. This will tell Nooder nodes to connect to your backend via a Secure Connection. Enabling this without a valid SSL certificate or without listening for HTTPS connections will make the connection between Nooder and the backend server impossible.
Custom SSL Certificates
In case of needs, our Console enables users to use their own SSL Certificates. The certificate, added through the wizard in Security tab, will then be validated and distributed to our nodes in a matter of seconds, but is user responsability to renew it (any change could be done easily via our API). Users can also use Let's Encrypt certificates, keeping in mind that is not possible to use their HTTP-01 challenge with protected records.