What is HTTPS?

Hello guys, today I am going to discuss what HTTPS is, how it differs from HTTP, and why we need HTTPS.

Let's get started...

What is HTTP?

  • HTTP, which is short for HyperText Transfer Protocol, is a set of rules for transferring a web page between a web server and your browser. When you browse to a specific URL in your browser, it starts a conversation with the website’s server to download everything it needs to render that web page.

  • What if your browser needs to send or receive information that is private? The conversation that takes place with HTTP happens in “plain text”, which means a third party can listen in on your browser’s conversation and see everything that is being said. That makes it easy for an eavesdropper to steal personal information like your credit card number or other sensitive data.

What is HTTPS?

HTTPS is the exact same conversation your browser and the web server were having before, but now all of that information is encrypted. Only your browser and the web server possess the key to decrypt it. This prevents any eavesdroppers from understanding what is being said.

How does it work?

  • The encryption that happens when you’re using HTTPS is done using a special “SSL/TLS certificate” from the website’s server as well as a unique encryption key from your browser. Both the certificate and your key are used throughout your conversation to prove to the other party that they are who they say they are. Without these, a third party could intercept your conversation and pretend to be either the server or your browser.

  • Before the conversation begins, your browser and the server say hello and agree on two things: the type of encryption they are going to use and the encryption keys that are going to be used to perform the encryption. Once this initial handshake is complete, both your browser and the server can speak the same encrypted language and can have a private conversation that is very hard to eavesdrop on.

  • Despite all of this complicated technology happening behind the scenes, your browser makes it very easy to make sure HTTPS is on and working properly. In addition to having “https://” in the URL bar on your browser, you will also see a padlock icon somewhere nearby indicating that your connection to the website is secure.

  • If you don’t see that confirmation in your browser, then HTTPS is not active and everything your browser is sending and receiving is not encrypted. This is actually OK if you’re just browsing a website without entering any personal information.

Beware of Mixed Content

  • It’s very satisfying to see that nice green padlock icon in your browser when HTTPS is up and running on your site. However, it only takes one single piece of your site that is not loading via HTTPS to change that.

  • For example, if your site is set up 100% correctly for HTTPS and you decide to embed a YouTube video in a blog post, you must make sure you use YouTube’s HTTPS URL for the video. Otherwise, the video loads over HTTP and the browser will see this, triggering a “mixed content error.” Chrome shows this by switching from the padlock icon to an information icon and saying your site “is not fully secure.”

Is Your SSL Certificate Valid and Active?

HTTPS only works if your SSL certificate is valid and active, so you must keep track of the expiration date on your certificate. If you let it expire, HTTPS will break and the browser will display a big scary warning to everyone visiting your site.

How to Get HTTPS?

  • The first step is to purchase the SSL certificate for your site. Oftentimes, your web host will be the easiest place to get a certificate from. If they don’t offer their own SSL, some reputable certificate issuers include DigiCert, VeriSign, and GeoTrust. For the budget-conscious, GoDaddy and Namecheap have the most affordable options.

  • Always make sure you are buying a certificate that is “SHA-2”, also referred to as “2,048 bit”. This represents the strength of the encryption and is currently the industry standard.

Conclusion

No matter what level of validation or type of certificate you choose, always remember that there is absolutely no difference in the level of security or encryption. You can use a free certificate or pay hundreds of dollars and your users’ data will be just as secure as long as they are using SHA-2 encryption. By paying extra for more validations, you’re getting a more trustworthy stamp of approval on your certificate due to how heavily your website and company have been vetted.

That's it for this post.