Hypertext Transfer Protocol Secure, or HTTPS, is an extension of and secure alternative to the HTTP protocol. HTTPS is the same as HTTP, except that the traffic is encrypted using TLS (Transport Layer Security).
All major browsers, such as Google Chrome, Mozilla Firefox, Apple Safari, Opera and Microsoft Edge, support the HTTPS protocol. HTTPS is also referred to as HTTP over SSL or HTTP over TLS.
HTTPS uses the https:// URI scheme. The same web page can be served via HTTP and HTTPS without changing the URL or any URL-related configuration.
How Does HTTPS Work?
HTTPS uses encryption to protect traffic and hide it from attackers, including man-in-the-middle attacks. HTTPS creates a transport layer with TLS, or with SSL, which is the previous version. This transport layer is used to transmit the HTTP traffic, and the traffic is encrypted automatically during transmission. Two types of keys are used to encrypt the traffic.
Private Key/Certificate is located on the server that serves the web page and is used to decrypt the client traffic that was encrypted with the “Public Key/Certificate”.
Public Key/Certificate is provided to all clients via certificate repositories or web browsers and is used to encrypt the traffic sent to the server. Data encrypted with the public key can only be decrypted with the private key.
HTTPS Advantages and Use Cases
HTTPS provides big advantages, which make it one of the most popular protocols on today's web. Below are the advantages and use cases of HTTPS.
Security: Security is the biggest advantage provided by the HTTPS protocol. HTTPS-encrypted data can only be understood by the owner of the private certificate; no one else can understand the content of the HTTPS traffic.
Prevent Man In The Middle: HTTPS does not actually prevent man-in-the-middle attacks, but it makes an MITM attack ineffective because the attacker cannot understand the captured traffic.
Prevent Phishing: HTTPS helps prevent web site phishing because only valid web pages and domain names are granted a green address bar or certificate icon.
SEO: Google started to increase the ranking of web sites with an HTTPS certificate because they are assumed to be more reliable and secure.
Data Integrity: Data integrity is another advantage of the HTTPS certificate. If the data is changed during transmission, the decryption fails and stops, which prevents damaged data from being used.
What Is SSL/TLS Certificate?
The main technology used in HTTPS is the SSL/TLS certificate. SSL and TLS are two versions of the protocol behind these certificates, where SSL is the predecessor and TLS is the latest version. SSL/TLS certificates are issued to domain names and are valid only for the issued domain and purpose. Below you can see an SSL/TLS certificate, which provides basic information in the “General” tab.
Details about the SSL/TLS certificate can be viewed from the “Details” tab. It provides information such as Version, Serial number, Signature algorithm, Issuer, Valid from, Valid to, Subject, etc.
The encryption algorithm that will encrypt the HTTP traffic is shown in the “Public Key” part.
Find HTTPS Certificate Provider
HTTPS certificates are issued to domain names and their owners by certificate authorities. Certificate authorities, or CAs, sign the certificate, and their signature is used to check the validity of the HTTPS certificate. The HTTPS certificate provider is shown on the SSL/TLS certificate screen.
How To Check If Website Uses HTTPS?
We can check from the browser address bar whether the current web page uses an HTTPS connection. If the web site is using a valid HTTPS certificate, the following signs will be shown.
- A lock is shown at the start of the address bar.
- A “Connection is secure” message in green is shown when you click the lock icon.
- “Certificate (valid)” is shown like below.
In this example, we can see that there is a lock icon at the start of the address bar, and when we click on it we see the text “Connection is secure” in green. The green color is a visual cue that this site has a valid and secure HTTPS connection. We can also see “Certificate (Valid)” in this infobox.
As a negative or non-HTTPS example, we can take a look at the popular Chinese search engine Baidu, which can be accessed from http://www.baidu.com/ . We can see that its URL starts with HTTP, not HTTPS. When we look at the start of the address bar, we can see the Not Secure message. There is also another message, “Your connection to this site is not secure”, colored in red.
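The same check the browser lock icon performs can be scripted. The following is an added example, not part of the original page: it uses Python's standard ssl module to reject non-HTTPS URLs, validate the certificate, and report the subject, the issuing CA and the validity period. The function names and the sample certificate (www.example.test, "Example Test CA") are constructed for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit


def fetch_cert(url, timeout=5.0):
    """Return the validated server certificate for an https:// URL."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"{url} is not served over HTTPS")
    # The default context verifies the CA chain, validity dates and hostname;
    # a failure raises ssl.SSLCertVerificationError (the "not secure" case).
    ctx = ssl.create_default_context()
    with socket.create_connection((parts.hostname, parts.port or 443), timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
            return tls.getpeercert()


def _flatten(name):
    """Turn the nested name tuples from getpeercert() into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}


def summarize(cert, now):
    """Pull out subject, issuer (the CA) and validity, as the Details tab shows."""
    issuer = _flatten(cert["issuer"])
    valid_from = ssl.cert_time_to_seconds(cert["notBefore"])
    valid_to = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "subject": _flatten(cert["subject"]).get("commonName"),
        "issuer": issuer.get("organizationName") or issuer.get("commonName"),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "in_validity_period": valid_from <= now <= valid_to,
    }


# Constructed sample in the shape getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("countryName", "XX"),), (("organizationName", "Example Test CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
}

if __name__ == "__main__":
    print(summarize(SAMPLE_CERT, now=1720000000))  # a time inside the sample's validity window
```

Against a live site, `summarize(fetch_cert(url), time.time())` gives the same fields for the real certificate.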