Introduction
If you are a developer, you probably know what an SSL certificate is. If you don't, don't worry. An SSL certificate is a must-have on any website. It lets your web browser connect to a web server securely. SSL stands for Secure Sockets Layer, and an SSL certificate is a digital certificate that allows for an encrypted connection.
But let's back it up a bit. First, we need to know what lets a web browser and a web server connect. To connect with a website, we need HTTP.
What is HTTP?
HTTP stands for Hypertext Transfer Protocol, and this protocol is used to transfer data from web servers to web browsers. When you visit a website, you can see the protocol at the beginning of the web address, for example http://www.website.com. This protocol is used to view different web pages on the internet.
By default, standard HTTP sends all of the information in clear text. This means that whatever you type is sent over the public internet in readable form, so hackers can view it.
This isn't a problem if you only browse a website, but if any passwords or other personal information are involved, such as credit card information, a hacker could easily get that info. Because the data is sent over the public internet, a hacker could listen in as it is being transferred and steal it.
If you ever have to type in personal information, you should always check if you have a secure connection. And for you to have a secure connection, you would need to use HTTPS.
What is HTTPS?
HTTPS is HTTP, but secure. That's why there is an S added: Hypertext Transfer Protocol Secure. It encrypts the data that is being transferred by HTTP, which keeps all of the data passing between the server and the computer secure. It does that with encryption algorithms that scramble the data so it is unreadable while it is being transferred.
So whenever you are on a site and you have to enter a password or some credit card information, make sure the web address looks like this: https://www.website.com. This means that the data that you pass in will be protected. You can also notice a padlock to the left of the web address, which also indicates you are using a secure HTTP connection.
Thanks to the encryption algorithms, the data we put in comes out all scrambled up so that hackers can't understand and decrypt it.
HTTPS secures the data thanks to a protocol called:
SSL
SSL stands for Secure Sockets Layer and it is a protocol that's used to establish security on the internet. But how exactly does SSL work? Well, it uses public-key encryption to secure data.
What this means is that when a computer connects with a website that is using SSL, the computer's web browser will ask the website to identify itself. Then the web server will send the computer a copy of its SSL certificate.
An SSL certificate is a small digital certificate that is used to validate the identity of a website. Or in other words, this lets your computer know that the website you're visiting is reliable and trustworthy.
The browser then checks whether it trusts the certificate. If it does, it sends a message to the web server, and the web server replies so that an SSL session can begin.
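The certificate check described above, as an added example that is not part of the original post: Python's `ssl` module plays the browser's role, verifying the certificate chain and the hostname before any session starts. The function names and `SAMPLE_CERT` are constructed for illustration; current software negotiates TLS, the successor to SSL, which is why the context sets a TLS minimum version.

```python
import socket
import ssl
from datetime import datetime, timezone

def browser_like_context():
    """Client settings a browser applies: verify the chain and the hostname."""
    ctx = ssl.create_default_context()            # loads the system's trusted CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy SSL / early TLS
    return ctx                                    # CERT_REQUIRED + check_hostname are defaults

def _flatten(name):
    """Turn getpeercert()'s nested name tuples into a plain dict."""
    return {key: value for rdn in name for (key, value) in rdn}

def summarize_cert(cert, now=None):
    """Reduce the dict from SSLSocket.getpeercert() to the fields worth reading."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return {
        "subject": _flatten(cert.get("subject", ())).get("commonName"),
        "issuer": _flatten(cert.get("issuer", ())).get("organizationName"),
        "names": [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"],
        "days_left": (expires - now).days,
    }

def check_site(host, port=443, timeout=5):
    """Perform the handshake described above; return (trusted, details)."""
    ctx = browser_like_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname is the name the certificate must match
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, dict(summarize_cert(tls.getpeercert()), protocol=tls.version())
    except ssl.SSLCertVerificationError as err:
        # Untrusted issuer, expired certificate or wrong hostname: no session starts
        return False, {"reason": err.verify_message}
    except (ssl.SSLError, OSError) as err:
        return False, {"reason": str(err)}

# Constructed sample in getpeercert() format (not a real certificate)
SAMPLE_CERT = {
    "subject": ((("commonName", "www.website.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "www.website.com"), ("DNS", "website.com")),
}

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_CERT, now=datetime(2030, 5, 2, 12, 0, tzinfo=timezone.utc)))
```

Calling `check_site()` with a hostname you operate runs the real handshake over the network; the `__main__` block only summarizes the constructed sample, so it works offline.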
Most SSL certificates have to be paid for, but there are also some free ones, for example:
Let's Encrypt
Let's Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free SSL certificates, thereby enabling encrypted HTTPS on web servers. You could check this post out on How To Secure Nginx with Let's Encrypt on Ubuntu so that you can get a little bit more familiar with Let's Encrypt.
Conclusion
This may seem confusing at first, but it's best to get to know how the internet actually works and the different protocols that are out there. You may notice that almost all of the sites nowadays use HTTPS instead of HTTP, even when there isn't any data to be transferred between servers, and that's because Google has started flagging websites as Not Secure when they aren't protected with SSL.
I hope that this post has helped you learn a little bit more about these protocols that you use daily and how they work.
Top comments (6)
I think I read sometime back that HTTPS does not actually encrypt the data itself but indeed sends it through sort of an encrypted tunnel. If the hacker is able to crack the tunnel's encryption, then he can have access to the data as it is. Not sure if I remember it correctly.
Yes, HTTPS actually uses SSL to encrypt the data or the HTTP requests and responses. Thanks for pointing that out, so that it can be more clarified for everyone
Nice piece of information.
Thanks, glad you find it useful!
Great post! Very well explained!
Thanks!