Products
Edge AI
AI Training
GPU Cloud
GPU CloudBoost AI/ML training with servers powered by NVIDIA
AI Inference
Inference at the Edge
Inference at the EdgeAccelerate your ML model inference for fast global performance
AI Applications
Image Generator
Image GeneratorCreate realistic and stunning images with ease
Speech-to-Text Translator
Speech-to-Text TranslatorTranslate from English to Luxembourgish seamlessly
Edge Cloud
Compute
Basic VMs
Basic VMsManage workloads on affordable shared virtual servers
Virtual Machines
Virtual MachinesRun apps on customizable dedicated virtual servers
Bare Metal
Bare MetalDeploy apps on powerful dedicated physical servers
Containers
Managed Kubernetes
Managed KubernetesDeploy, manage, and scale Kubernetes clusters easily
Container as a Service
Container as a ServiceRun containerized apps without server provisioning
Container Registry
Container RegistrySecurely store, manage, and deploy container images.
Function as a Service
Function as a ServiceExecute serverless code functions efficiently
Networking
Load Balancer
Load BalancerRoute traffic optimally to improve app performance
5G Network
5G NetworkDeploy apps and securely connect mobile devices via 5G
Virtual Private Cloud
Virtual Private CloudManage resources in a secure isolated private cloud
Hosting
Virtual Servers
Virtual ServersHost on virtual servers with no traffic restrictions
Dedicated Servers
Dedicated ServersHost on physical servers with worldwide availability
Storage
Object Storage
Object StorageStore data in fast and scalable S3-compatible storage
File Shares
File SharesShare files across servers easily using NFS protocol
Databases
Managed PostgreSQL
Managed PostgreSQLProvision fully managed PostgreSQL databases with ease
Monitoring
Managed Logging
Managed LoggingCollect, store, and analyze application logs
About Edge Cloud
Edge Network
Application Performance
CDN
CDNAccelerate dynamic and static content delivery
FastEdge
FastEdgeDeploy serverless apps with low-latency edge computing
Media Delivery
Video Streaming
Video StreamingDeliver high-quality live and on-demand video at scale
DNS
Managed DNS
Managed DNSEnsure application availability with authoritative DNS
Public DNS
Public DNSProtect online privacy with a free DNS resolver
About Edge Network
Edge Security
Network Security
DDoS Protection
DDoS ProtectionProtect your infrastructure from evolving DDoS attacks
Application Security
WAAP
WAAPSecure apps and APIs from DDoS, bots and OWASP attacks
Solutions
By Industry
Gaming
CDN for Gaming
Game Server Protection
Game Development
Retail
CDN for E-commerce
Media & Entertainment
CDN for Video
Metaverse Streaming
TV & Online Broadcasters
Sport Broadcasting
Online Events
Financial Services
Cloud for Financial Services
Technology
Image Optimization
Web Acceleration
Wordpress CDN
Education
Online Education
By Need
Web Acceleration
Web Acceleration
Image Optimization
Wordpress CDN
Security
Game Server Protection
Video Streaming
CDN for Video
Video Hosting
Live Streaming
Availability
Multi-CDN
Cloud
Web Service
Game Development
Online Store
Migration to the Cloud
ERP in the Cloud
Pricing
Resources
Resources
Blog
Case Studies
Ebooks
Reports
White Papers
Events
Documentation
Docs
API
Product Roadmap
Help Center
Gcore Status
Tools
Looking Glass
Speed Test
Developer Tools
Partners
Partners
Intel
Intel | New CPU Generation
Intel | Ice Lakes
Hesp
Equinix
InData Labs
Ampere
Unum
Programs
White Label Solutions
Referral Program
Why Gcore
Company
About Gcore
Press
Awards
Careers
Legal Information
Platform
Network
Infrastructure
Internet Peering Points
Compliance
Under attack?Under attack?
en
Contact usContact us
Contact us

Select the Gcore Platform

Recommended
Gcore Edge Solutions Go to Gcore Platform → Go to Gcore Platform →

Products:

  • Edge Delivery (CDN)
  • DNS with failover
  • Virtual Machines
  • Bare Metal
  • Cloud Load Balancers
  • Managed Kubernetes
  • AI Infrastructure
  • Edge Security (DDOS+WAF)
  • FaaS
  • Streaming
  • Object Storage
  • ImageStack (Optimize and Resize)
  • Edge Compute (Coming soon)
Show full list
Gcore Hosting Go to Gcore Hosting →
  1. Home
  2. Learning
  3. Improve Your Privacy and Data Security with TLS Encryption on CDN

Improve Your Privacy and Data Security with TLS Encryption on CDN

July 16, 2024 4 min read
Improve Your Privacy and Data Security with TLS Encryption on CDN

The web is a public infrastructure: Anyone can use it. Encryption is a must to ensure that communications over this public infrastructure are secure and private. You don’t want anyone to read or modify the data you send or receive, like credit card information when paying for an online service.

TLS encryption is a basic yet crucial safeguard that ensures only the client (the user’s device, like a laptop) and server can read your request and response data; third parties are locked out. You can run TLS on a CDN for improved performance, caching, and TLS management. If you want to learn more about TLS and how running it on a CDN can improve your infrastructure, this is the right place to start.

What Is TLS Encryption and Why Does It Matter?

TLS, transport layer security, encrypts data sent via the web to prevent it from being seen or changed while it’s in transit. For that reason, it’s called encryption in-transit technology. TLS is also commonly called HTTPS when used with HTTP or SSL, as previous versions of the technology were based on it. TLS ensures high encryption performance and forward secrecy. To learn more about encryption, check out our dedicated article.

TLS is a vital part of the web because it ensures trust for end users and search engines alike. End users can rest assured that their data—like online banking information or photos of their children—can’t be accessed. Search engines know that information protected by TLS is trustworthy, so they rate it higher than non-protected content.

What’s the Connection Between TLS and CDN?

A CDN, or content delivery network, helps improve your website’s performance by handling the delivery of your content from its own servers rather than your website’s server. When a CDN uses TLS, it ensures that your content is encrypted as it travels from your server to the CDN and from the CDN to your users.

With TLS offloading, your server only needs to encrypt the content for each CDN node, not for every individual user. This reduces the workload on your server.

Here’s a simple breakdown of how it works:

  1. Your server encrypts the content once and sends it to the CDN.
  2. The CDN caches this encrypted content.
  3. When a user requests the content, the CDN serves it directly to them, handling all encryption and reducing the need to repeatedly contact your server.

Without a CDN, your server would have to encrypt and send content to each user individually, which can slow things down. With a CDN, your server encrypts the content once for the CDN. The CDN then takes over, encrypting and serving the content to all users, speeding up the process and reducing the load on your server.

Visual illustration of how TLS offloading on CDNs works
Figure 1: Comparison of how content is served with TLS on the web server (left) vs on CDN (right)

Benefits of “Offloading” TLS to a CDN

Offloading TLS to a CDN can improve your infrastructure with improved performance, better caching, and simplified TLS management.

Increased Performance

When establishing a TLS connection, the client and server must exchange information to negotiate a session key. This exchange involves four messages being sent over the network, as shown in Figure 2. The higher the latency between the two participants, the longer it takes to establish the connection. CDN nodes are typically closer to the client, resulting in lower latency and faster connection establishment.

As mentioned above, CDN nodes handle all the encryption tasks. This frees up your server’s resources for other tasks and allows you to simplify its code base.

The four stages of a TLS handshake
Figure 2: TLS handshake

Improved Caching

If your data is encrypted, the CDN can’t cache it. A single file will look different from the CDN nodes for every new TLS connection, eliminating the CDN benefits (Figure 3). If the CDN holds the certificates, it can negotiate encryption with the clients and collect the files from your server in plaintext. This allows the CDN to cache the content efficiently and serve it faster to users.

A diagram comparing TLS and CDN caching processes showing how CDN improves caching
Figure 3: TLS and CDN caching compared

Simplified TLS Management

The CDN takes care of maintenance tasks such as certificate issuing, rotation, and auto-renewal. With the CDN managing TLS, your server’s code base can be simplified, and you no longer need to worry about potential TLS updates in the future.

TLS Encryption with Gcore CDN

With the Gcore CDN we don’t just take care of your TLS encryption, but also file compression and DNS lookups. This way, you can unburden your servers from non-functional requirements, which leads to smaller, easier-to-maintain code bases, lower CPU, memory, and traffic impact, and a lower workload for the teams managing those servers.

Gcore CDN offers two TLS offloading options:

  1. Free Let’s Encrypt certificates with automatic validation, an effective and efficient choice for simple security needs
  2. Paid custom certificates, ideal if your TLS setup has more complex requirements

How to Enable HTTPS with a Free Let’s Encrypt Certificate

Setting up HTTPS for your website is quick, easy, and free. First, make sure you have a Gcore CDN resource for your website. If you haven’t created one yet, you can do so in the Gcore Customer Portal by clicking Create CDN resource in the top-right of the window (Figure 4) and following the setup wizard. You’ll be asked to update your DNS records so they point to the Gcore CDN, allowing Gcore to issue the certificates later.

Gcore Customer Portal showing how to create a CDN resource
Figure 4: Create CDN resource

Next, open the resource settings by selecting your CDN resource from the list in the center (Figure 5).

Gcore Customer Portal showing how to select a CDN resource
Figure 5: Select the CDN resource

Enable HTTPS in the resource settings, as shown in Figure 6:

  • Select SSL in the left navigation
  • Click the Enable HTTPS checkbox
  • Click Get SSL certificate
Gcore Customer Portal showing how to get an SSL certificate
Figure 6: Get an SSL certificate

Your certificate will usually be issued within 30 minutes.

Our Commitment to Online Security

At Gcore, we’re committed to making the internet secure for everyone. As part of this mission, we offer free CDN and free TLS certificates. Take advantage and protect your resources efficiently for free!

Get TLS encryption on Gcore CDN free

Table of contents

Try Gcore CDN

Improve Your Privacy and Data Security with TLS Encryption on CDN

Related articles

What is a CDN?
What is a CDN?
Whether you’re running an e-commerce store, streaming videos, or managing an app, delivering content quickly and reliably is essential to keeping users satisfied. This is where a content delivery network (CDN) comes into play.  A CDN is a globally distributed network of servers that work together to deliver content to […]
October 24, 2024 4 min read
How to Run Hugging Face Spaces on Gcore Inference at the Edge
How to Run Hugging Face Spaces on Gcore Inference at the Edge
Running machine learning models, especially large-scale models like GPT 3 or BERT, requires a lot of computing power and comes with a lot of latency. This makes real-time applications resource-intensive and challenging to deliver. Running ML models at the edge is a lightweight approach offering significant advantages for latency, privacy, […]
October 17, 2024 2 min read
How to Migrate Your Video Files to Gcore Video Streaming
How to Migrate Your Video Files to Gcore Video Streaming
Migrating large volumes of video files from different platforms can be daunting and time-consuming, often discouraging companies from moving to a superior provider. But it doesn’t have to be this way. We’ve created this three-step guide to help you efficiently migrate your video files to Gcore from other popular streaming […]
September 18, 2024 4 min read
10 Common Web Performance Mistakes and How to Overcome Them
10 Common Web Performance Mistakes and How to Overcome Them
Web performance mistakes can carry a high price, resulting in websites that yield low conversion rates, high bounce rates, and poor sales. In this article, we dig into the top 10 mistakes you should avoid to boost your website performance. 1. Slow or Unreliable Web Host Your site speed begins with […]
September 9, 2024 6 min read
5 Ways to Improve Website Speed for E-Commerce
5 Ways to Improve Website Speed for E-Commerce
In part 1 of this guide, we explained why site speed matters for e-commerce and how you can track your current speed. Now, speed up your page load times with these five techniques. #1 Assess Your Current Site Speed First, check your site’s current performance. Use tools like Google PageSpeed Insights or […]
August 22, 2024 3 min read
What Website Speed Is and Why It Matters for E-commerce Success
What Website Speed Is and Why It Matters for E-commerce Success
Website visitors are more impatient than ever—websites that take longer than three seconds to load lose more than half their visitors. For an e-commerce business, that translates to losing half its potential sales, which is bad news for revenue. In this article, we explain what e-commerce website speed is, how […]
August 21, 2024 3 min read
How to Configure Grafana for Visualizing Kubernetes (K8s) Cluster Monitoring
How to Configure Grafana for Visualizing Kubernetes (K8s) Cluster Monitoring
Kubernetes monitoring allows you to observe your workloads and cluster resources, spot issues and failures, and efficiently manage pods and other resources. Cluster admins should prioritize tracking the performance and stability of clusters in these environments. One popular tool that can help you visualize Kubernetes monitoring is Grafana. This monitoring […]
July 25, 2024 3 min read
How to Spot and Stop a DDoS Attack
How to Spot and Stop a DDoS Attack
The faster you detect and resolve a DDoS (distributed denial-of-service) attack, the less damage it can do to your business. Read on to learn how to identify the signs of a DDoS attack, differentiate it from other issues, and implement effective protection strategies to safeguard your business. You’ll also discover […]
July 24, 2024 3 min read

Subscribe
to our newsletter

Get the latest industry trends, exclusive insights, and Gcore
updates delivered straight to your inbox.
Subscribe