System Architecture and Technical Decisions
Detailed breakdown of the technical decisions made and the system features built during the development of the SSLCI platform.
System Core and Routing
- All web requests are filtered through a central Front Controller to ensure secure route management.
- File dependencies are dynamically managed with a PSR-4 compliant Autoloader.
- A flexible Router engine is used to detect the language code and target page by analyzing URL segments.
- Runtime errors are minimized and code quality is increased with the Strict Types requirement.
- Unauthorized directory or file calls are completely blocked with whitelist-based page access control.
- Page content is accurately injected into the main template (Layout) using the Output Buffering technique.
- The system includes only the necessary classes in memory when needed to optimize server resources.
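
The routing and whitelist items above, sketched as an added example; this is not SSLCI's own code. The language subset, page slugs, template paths and the function name resolveRoute are assumptions made for illustration. The request never supplies a file path: it can only select a key from a fixed map.

```php
<?php
declare(strict_types=1);

// Hypothetical whitelists: the platform's real language codes and page names are not given on the page.
const LANGUAGES = ['tr', 'en', 'de'];   // constructed subset of the 17 languages
const DEFAULT_LANGUAGE = 'tr';          // the page names Turkish as the default language
const PAGES = [                         // slug => template file, fixed in code, never built from input
    'home'     => 'pages/home.php',
    'generate' => 'pages/generate.php',
    'history'  => 'pages/history.php',
];

/** Map a request URI to a language and a whitelisted template, or null (treated as 404). */
function resolveRoute(string $requestUri): ?array
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;                    // malformed URI or no path component
    }
    // Decode before splitting so encoded slashes and dots are judged as what they decode to.
    $segments = array_values(array_filter(
        explode('/', rawurldecode($path)),
        static fn (string $s): bool => $s !== ''
    ));

    $lang = DEFAULT_LANGUAGE;
    if ($segments !== [] && in_array($segments[0], LANGUAGES, true)) {
        $lang = array_shift($segments); // first segment is a known language code
    }
    if (count($segments) > 1) {
        return null;                    // nested paths are never valid page names
    }
    $slug = $segments[0] ?? 'home';
    if (!array_key_exists($slug, PAGES)) {
        return null;                    // not on the whitelist: no filesystem lookup happens
    }
    return ['lang' => $lang, 'template' => PAGES[$slug]];
}

// Constructed request URIs, including traversal-shaped ones that must be rejected.
foreach (['/', '/en/history', '/de/../config', '/en/%2e%2e%2fconfig.php', '/xx/home', '/admin'] as $uri) {
    $route = resolveRoute($uri);
    echo str_pad($uri, 28), $route === null ? '404' : $route['lang'] . ' -> ' . $route['template'], PHP_EOL;
}
```

A front controller would then require the returned template between ob_start() and ob_get_clean() and place the captured output into the layout.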
Multi-Language and SEO Strategy
- A JSON-based and high-performance localization matrix providing simultaneous service in exactly 17 languages is used.
- Fast access to deeply nested translation keys is provided with Dot-notation support.
- A secure fallback mechanism that automatically returns to the default language (Turkish) for missing translation files is active.
- All language variations are technically reported to search engines by generating dynamic hreflang tags.
- Duplicate Content risk is prevented by creating unique language-based Canonical links for each page.
- Meta titles, descriptions, and keywords are managed centrally from the language files in 17 languages.
- Local flag icons are integrated into the system with a high-resolution SVG library (flag-icons).
Security and Authentication
- All database interactions are carried out with the PDO Prepared Statements architecture, eliminating SQL Injection risks.
- Secure authentication is provided with the Google OAuth 2.0 protocol; user passwords are not stored in the system.
- 256-bit cryptographic tokens specific to each session are assigned for Cross-Site Request Forgery (CSRF) protection.
- Every data output is passed through the htmlspecialchars() filter against XSS attacks for secure rendering.
- Session cookies comply with modern security standards with Secure, HttpOnly, and SameSite=Strict flags.
- All authorization cookies are permanently cleared from the browser and server during the Logout process.
- Private Key data is processed in PEM format with the highest level of confidentiality on the server side.
SSL and ACME v2 Automation
- A fully automated certificate production cycle is implemented via the Let's Encrypt ACME v2 protocol.
- Secure communication with Let's Encrypt servers is achieved with API requests signed in JWS (JSON Web Signature) standards.
- Both standard and wildcard certificates are supported with HTTP-01 and DNS-01 validation methods.
- The Certificate Signing Request (CSR) is dynamically generated on the server side using asymmetric encryption algorithms.
- Challenge statuses are periodically queried to track the valid/invalid status of the order instantly.
- When a validation attempt fails, the system automatically opens a new order.
- Certificate PEM files are parsed as CRT, KEY and CA (Bundle) and presented to the user as a full set.
Design System and User Experience
- A modern and premium design language focused on corporate identity-compliant orange (#D87000) is used.
- User-controlled Dark Mode support offers a smooth transition with CSS variables.
- Glassmorphism interface components provide transparent, aesthetic layers that give a sense of depth.
- High readability standards are maintained on every screen size with the Outfit (Google Fonts) typography family.
- Theme preference is stored in localStorage and automatically remembered on the user's next visits.
- The platform works with full performance on mobile, tablet, and desktop devices with Responsive architecture.
- User feedback and interaction have been increased with micro-interactions and soft transition effects.
Database and Data Management
- The MySQL database schema is structured with the InnoDB engine for high performance and data integrity.
- User certificate history is securely archived with Google ID-based single account management.
- Order and validation records are kept on relational tables to follow the ACME protocol steps.
- Certificate validity periods are monitored with second precision using the timestamped recording system.
- Resource consumption is minimized by managing the database connection with the Singleton design pattern.