Their differences, best use cases and how they protect our websites
What is HTTPS
We may be familiar with HTTP (Hypertext Transfer Protocol) as a request that browsers or internet devices use to communicate with data on the internet and load webpages.
HTTPS (Hypertext Transfer Protocol Secure) is a more secure way of communication between internet devices and data. Any website that handles sensitive data, such as login credentials and other personal information, should use HTTPS. Websites that are not secure are marked as 'Not Secure,' alerting users to exercise caution when sending information to such websites.
This communication is secured by digital certificates, which are typically obtained from security service providers known as Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL).
TLS employs a cryptographic method called asymmetric encryption, which utilizes two keys: the public key and the private key.
The private key is owned by the website owner and resides on the web server. It is used to decrypt information that has been encrypted with the public key. The public key is visible to all individuals interacting with the website legally, and only the private key can decrypt information encrypted by the public key. Both keys work in tandem to maintain the security of information on the website.
Public key encrypts, private key decrypts!
How HTTPS works
Under the hood, when a user opens a webpage, the webpage will send its SSL certificate, which contains the public key necessary to initiate a secure session. The two computers, the client and the server, then undergo a process called an SSL/TLS handshake, a series of back-and-forth communications used to establish a secure connection.
- Specify the version of TLS (TLS 1.0, 1.2, 1.3, etc.) they will use.
- Decide on the cipher suites to be used.
- Authenticate the server's identity using the server's public key and the SSL certificate authority's digital signature.
- Generate session keys to enable symmetric encryption after the handshake is completed.
Importance of HTTPS
Since data transferred through the internet is basically in text i.e. Hyper-text protocol, HTTPS prevents websites from having their information broadcast in a way that’s easily viewed by anyone snooping on the network.
HTTPS also prevents ISP (Internet service providers) from adding or displaying unnecessary content (Ads) to the users.
How to get TLS/SSL Certificates?
There are handful of popular SSL certificate vendors like Hostinger, NameCheap, Domain to name a few and they offer affordable prices.
Hopefully you learned about SSL certificates and how important they are for your websites. To learn more about cryptography or asymmetric encryption, pls check out my GitHub repo and leave a star. Thank you
Top comments (0)