{"id":12721,"date":"2025-12-16T10:14:09","date_gmt":"2025-12-16T04:44:09","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=12721"},"modified":"2025-12-16T10:14:29","modified_gmt":"2025-12-16T04:44:29","slug":"what-is-tls-on-linux-server","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/what-is-tls-on-linux-server","title":{"rendered":"What is TLS on Linux Server? &#8211; (Setup &amp; Hardening Guide)"},"content":{"rendered":"\n<p><strong>TLS on Linux server<\/strong> is the configuration and use of Transport Layer Security to encrypt and authenticate network traffic for services like HTTPS, SMTP, and APIs.<\/p>\n\n\n\n<p>It uses <strong>digital certificates to prove identity<\/strong> and modern ciphers to protect data in transit, preventing interception, tampering, and impersonation while boosting compliance, performance, and user trust.<\/p>\n\n\n\n<p>If you run websites or APIs, understanding TLS on Linux server is essential. This guide explains what TLS is, how it works, how to <a href=\"https:\/\/www.youstable.com\/blog\/install-nginx-on-linux\/\">install and harden it on Nginx<\/a> and Apache, how to test it for an A+ score, and how to automate renewals using practical steps you can apply today.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-tls-and-how-does-it-work\"><strong>What is TLS and How Does it Work?<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-69.png\" alt=\"TLS on Linux Server\" class=\"wp-image-13061\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-69.png 1536w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-69-150x100.png 150w\" sizes=\"auto, (max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n\n\n\n<p>TLS (Transport Layer Security) is the security layer behind HTTPS and many secure protocols. It authenticates the server with a certificate and encrypts the connection using symmetric keys negotiated during a handshake. This protects users against sniffing, MITM attacks, and session hijacking.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"tls-handshake\"><strong>TLS Handshake<\/strong><\/h2>\n\n\n\n<p>When a browser connects to your Linux server:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Client says hello and offers supported TLS versions and cipher suites.<\/li>\n\n\n\n<li>Server replies with a certificate (proof of identity) and picks a secure cipher suite.<\/li>\n\n\n\n<li>Both sides securely agree on a shared session key (e.g., via ECDHE for Perfect Forward Secrecy).<\/li>\n\n\n\n<li>Traffic switches to fast symmetric encryption using that shared key.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"tls-1-2-vs-tls-1-3-what-to-prefer\"><strong>TLS 1.2 vs TLS 1.3 (What to Prefer)<\/strong><\/h2>\n\n\n\n<p>Use TLS 1.3 wherever possible. It\u2019s faster (1-RTT), removes weak ciphers, and simplifies configuration. Keep TLS 1.2 enabled for compatibility with older clients but disable TLS 1.0\/1.1. On modern Linux (OpenSSL 1.1.1+ or 3.0+), you get TLS 1.3 by default.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites-on-a-linux-server\"><strong>Prerequisites on a Linux Server<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OpenSSL 1.1.1 or newer (TLS 1.3 support)<\/li>\n\n\n\n<li>Nginx 1.17+ or Apache 2.4.37+ for HTTP\/2 and modern TLS<\/li>\n\n\n\n<li>Public DNS A\/AAAA records pointing to your server<\/li>\n\n\n\n<li>Firewall open on ports 80 (HTTP) and 443 (HTTPS)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"check-versions\"><strong>Check Versions<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>openssl version\nnginx -v     # if using Nginx\napachectl -v # if using Apache (httpd on RHEL\/CentOS)<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"get-a-tls-certificate-free-or-paid\"><strong>Get a TLS Certificate (Free or Paid)<\/strong><\/h2>\n\n\n\n<p>You can use a free Let\u2019s Encrypt certificate (recommended for most websites) or a paid certificate from a commercial CA (useful for EV\/OV requirements or private PKI policies).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"option-1-lets-encrypt-with-certbot-recommended\"><strong>Option 1: Let\u2019s Encrypt with Certbot (Recommended)<\/strong><\/h3>\n\n\n\n<p>Certbot automates certificate issuance and renewal. On Ubuntu\/Debian, the Snap package is the most up-to-date method:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo snap install core; sudo snap refresh core\nsudo snap install --classic certbot\nsudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot<\/code><\/pre>\n\n\n\n<p><strong>For Nginx:-<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot --nginx -d example.com -d www.example.com\nsudo certbot renew --dry-run<\/code><\/pre>\n\n\n\n<p><strong>For Apache:-<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot --apache -d example.com -d www.example.com\nsudo certbot renew --dry-run<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"option-2-paid-ca-ov-ev-or-custom-requirements\"><strong>Option 2: Paid CA (OV\/EV or Custom Requirements)<\/strong><\/h3>\n\n\n\n<p>Generate a key and CSR (ECDSA is modern and efficient):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># ECDSA P-256 key and CSR\nopenssl ecparam -genkey -name prime256v1 -out example.com.key\nopenssl req -new -key example.com.key -out example.com.csr -subj \"\/CN=example.com\"<\/code><\/pre>\n\n\n\n<p>Submit the CSR to your CA. They\u2019ll return certificate files (server cert and chain). Keep <a href=\"https:\/\/www.youstable.com\/blog\/private-key-for-ssl-certificate\/\">private keys<\/a> secure with correct permissions (600) and root ownership.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"configure-tls-on-nginx-and-apache\"><strong>Configure TLS on Nginx and Apache<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"nginx-secure-https-example\"><strong>Nginx: Secure HTTPS Example<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Redirect HTTP to HTTPS\nserver {\n    listen 80;\n    listen &#91;::]:80;\n    server_name example.com www.example.com;\n    return 301 https:\/\/$host$request_uri;\n}\n\n# HTTPS server\nserver {\n    listen 443 ssl http2;\n    listen &#91;::]:443 ssl http2;\n    server_name example.com www.example.com;\n\n    ssl_certificate \/etc\/letsencrypt\/live\/example.com\/fullchain.pem;\n    ssl_certificate_key \/etc\/letsencrypt\/live\/example.com\/privkey.pem;\n\n    ssl_protocols TLSv1.2 TLSv1.3;\n    ssl_prefer_server_ciphers off;  # TLS 1.3 ignores ciphers; keep off for speed\n    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;\n\n    # Session settings\n    ssl_session_timeout 1d;\n    ssl_session_cache shared:SSL:50m;\n    ssl_session_tickets off;\n\n    # OCSP Stapling\n    ssl_stapling on;\n    ssl_stapling_verify on;\n    resolver 1.1.1.1 8.8.8.8 valid=300s;\n\n    # Security headers (HSTS: enable after confirming HTTPS works sitewide)\n    add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\" always;\n\n    root \/var\/www\/example.com;\n    index index.html index.php;\n    # ... other app settings ...\n}<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"apache-secure-https-example\"><strong>Apache: Secure HTTPS Example<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;VirtualHost *:80&gt;\n    ServerName example.com\n    ServerAlias www.example.com\n    Redirect permanent \/ https:\/\/example.com\/\n&lt;\/VirtualHost&gt;\n\n&lt;IfModule mod_ssl.c&gt;\n&lt;VirtualHost *:443&gt;\n    ServerName example.com\n    ServerAlias www.example.com\n    DocumentRoot \/var\/www\/example.com\n\n    SSLEngine on\n    Protocols h2 http\/1.1\n\n    SSLCertificateFile \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\n    SSLCertificateKeyFile \/etc\/letsencrypt\/live\/example.com\/privkey.pem\n\n    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\n    SSLOpenSSLConfCmd Curves X25519:P-256\n    SSLOpenSSLConfCmd ServerInfo on\n    SSLOpenSSLConfCmd Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\n    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM\n    SSLHonorCipherOrder off\n\n    # OCSP Stapling\n    SSLUseStapling on\n    SSLStaplingResponderTimeout 5\n    SSLStaplingReturnResponderErrors off\n\n    Header always set Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\"\n&lt;\/VirtualHost&gt;\n&lt;\/IfModule&gt;<\/code><\/pre>\n\n\n\n<p>Enable required modules on Apache: ssl, headers, http2, and socache_shmcb (varies by distro).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"tls-hardening-best-practices\"><strong>TLS Hardening Best Practices<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable TLS 1.3; keep TLS 1.2 for compatibility; disable TLS 1.0\/1.1.<\/li>\n\n\n\n<li>Prefer ECDSA certificates and ECDHE key exchange for PFS; support RSA fallback if needed.<\/li>\n\n\n\n<li>Disable weak ciphers (RC4, 3DES, CBC, NULL, EXPORT).<\/li>\n\n\n\n<li>Turn on OCSP stapling to speed up revocation checks.<\/li>\n\n\n\n<li>Use HSTS after verifying HTTPS works everywhere to prevent protocol downgrades.<\/li>\n\n\n\n<li>Enable HTTP\/2 (h2) for performance; ALPN must be available (modern OpenSSL\/NPN support).<\/li>\n\n\n\n<li>Disable session tickets or rotate keys frequently to preserve PFS.<\/li>\n\n\n\n<li>Set secure cookies (Secure, HttpOnly) in your app and add modern security headers where applicable.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"test-and-audit-your-tls\"><strong>Test and Audit Your TLS<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"quick-cli-tests\"><strong>Quick CLI Tests<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Show certificate chain and negotiated protocol\/cipher\nopenssl s_client -connect example.com:443 -servername example.com -tls1_3\n\n# Force TLS 1.2 test\nopenssl s_client -connect example.com:443 -servername example.com -tls1_2\n\n# Enumerate ciphers (nmap)\nnmap --script ssl-enum-ciphers -p 443 example.com<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"online-scanners-and-tooling\"><strong>Online Scanners and Tooling<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SSL Labs Server Test: aim for an A+ by fixing protocol, cipher, and chain issues.<\/li>\n\n\n\n<li>testssl.sh: a comprehensive open-source CLI tester for Linux.<\/li>\n\n\n\n<li>SecurityHeaders.com: verify HSTS and other headers.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"automate-renewals-and-maintenance\"><strong>Automate Renewals and Maintenance<\/strong><\/h3>\n\n\n\n<p>Let\u2019s Encrypt certificates are valid for 90 days. Certbot <a href=\"https:\/\/www.youstable.com\/blog\/install-cron-jobs-on-linux\/\">installs a systemd timer or cron<\/a> automatically; verify with a dry run and logs.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot renew --dry-run\nsudo journalctl -u snap.certbot.renew.service --no-pager | tail<\/code><\/pre>\n\n\n\n<p>If you manage paid certificates, set calendar reminders and deploy automation scripts to copy new certs to the right paths, reload services, and validate with health checks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-common-tls-errors\"><strong>Troubleshooting Common TLS Errors<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Protocol mismatch (<a href=\"https:\/\/www.youstable.com\/blog\/fix-err-ssl-version-or-cipher-mismatch\/\">ERR_SSL_VERSION_OR_CIPHER_MISMATCH):<\/a> old client only supports TLS 1.0\/1.1; ensure TLS 1.2+ is available and confirm client compatibility.<\/li>\n\n\n\n<li>Incomplete chain: browsers warn \u201cnot secure.\u201d Use fullchain.pem and include intermediate certificates.<\/li>\n\n\n\n<li>Hostname mismatch: certificate CN\/SAN doesn\u2019t match domain. Reissue with correct names.<\/li>\n\n\n\n<li>Permissions: web server can\u2019t read key. Set chmod 600 and correct user\/group.<\/li>\n\n\n\n<li>Time skew: invalid certificate dates if server clock is wrong. Enable NTP.<\/li>\n\n\n\n<li>Rate limits (Let\u2019s Encrypt): too many requests. Use staging during tests and consolidate SANs.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"performance-and-scaling-with-tls\"><strong>Performance and Scaling with TLS<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>TLS offloading\/termination at a reverse proxy or <a href=\"https:\/\/www.youstable.com\/blog\/install-load-balancer-on-linux\/\">load balancer<\/a> (e.g., Nginx, HAProxy, AWS ALB) reduces CPU load on app servers.<\/li>\n\n\n\n<li>Enable HTTP\/2 for multiplexing; consider HTTP\/3\/QUIC at the edge for latency-sensitive regions.<\/li>\n\n\n\n<li>Use ECDSA certificates and X25519 curves for faster handshakes on mobile.<\/li>\n\n\n\n<li>Consider session resumption (tickets or IDs) to cut handshake overhead; rotate ticket keys if enabled.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"compliance-logging-and-monitoring\"><strong>Compliance, Logging, and Monitoring<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Compliance:<\/strong> PCI DSS, HIPAA, and ISO 27001 expect strong TLS settings and regular validation.<\/li>\n\n\n\n<li><strong>Logging:<\/strong> watch for handshake failures in Nginx\/Apache error logs and monitor expiration dates.<\/li>\n\n\n\n<li><strong>Inventory:<\/strong> track certificates, issuers, and SANs across environments; audit quarterly.<\/li>\n\n\n\n<li><strong>Key management:<\/strong> restrict key access, back up securely, and rotate on staff or vendor changes.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"practical-tls-checklist-for-linux\"><strong>Practical TLS Checklist for Linux<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Update OpenSSL, Nginx\/Apache to modern versions.<\/li>\n\n\n\n<li>Obtain a certificate (Let\u2019s Encrypt or CA), prefer ECDSA when possible.<\/li>\n\n\n\n<li>Enable TLS 1.3 and TLS 1.2; disable older protocols.<\/li>\n\n\n\n<li>Configure strong ciphers and PFS; disable weak suites.<\/li>\n\n\n\n<li>Turn on OCSP stapling and HSTS (after confirming HTTPS everywhere).<\/li>\n\n\n\n<li>Enable HTTP\/2 and ALPN; test with SSL Labs.<\/li>\n\n\n\n<li>Automate renewals and reloads; monitor logs and expiry.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs-tls-on-linux-server\"><strong>FAQ&#8217;s &#8211; TLS on Linux Server<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765619757227\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-ssl-the-same-as-tls-on-linux-servers\"><strong>Is SSL the same as TLS on Linux servers?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>SSL is the older protocol; TLS is its successor. Today, people say \u201cSSL\u201d out of habit, but you should use TLS 1.2 and TLS 1.3. Configurations labeled \u201cSSL\u201d in web servers often manage TLS settings under the hood.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765619769314\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"do-i-need-a-paid-certificate-or-is-lets-encrypt-enough\"><strong>Do I need a paid certificate or is Let\u2019s Encrypt enough?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>For most public websites and APIs, Let\u2019s Encrypt DV certificates are perfect and trusted by all major browsers. Choose paid OV\/EV when your organization needs higher identity assurance, extended validation, or specific enterprise policies.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765619778328\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-get-an-aplus-on-ssl-labs\"><strong>How do I get an A+ on SSL Labs?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Enable TLS 1.3 + 1.2, disable TLS 1.0\/1.1, remove weak ciphers, use a proper chain (fullchain.pem), turn on HSTS and OCSP stapling, and prefer ECDHE with ECDSA\/RSA certificates. Test iteratively with SSL Labs and testssl.sh.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765619787958\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"whats-the-difference-between-rsa-and-ecdsa-certificates\"><strong>What\u2019s the difference between RSA and ECDSA certificates?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Both are secure, but ECDSA uses elliptic curves for smaller keys and faster handshakes\u2014great for mobile and high-traffic sites. Many sites deploy dual certificates (RSA + ECDSA) to maximize compatibility with older clients.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765619797586\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"should-i-use-self-signed-certificates-in-production\"><strong>Should I use self-signed certificates in production?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>No. Browsers will warn users because the certificate isn\u2019t issued by a trusted CA. Use Let\u2019s Encrypt or a commercial CA for public services. Self-signed certs are fine for internal testing with trusted private PKI.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>TLS on Linux server is the configuration and use of Transport Layer Security to encrypt and authenticate network traffic for [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":13700,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-12721","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-is-TLS-on-Linux-Server.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12721","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=12721"}],"version-history":[{"count":6,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12721\/revisions"}],"predecessor-version":[{"id":13701,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12721\/revisions\/13701"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/13700"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=12721"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=12721"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=12721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}