What is HTTPS | IT - Network System Administrator & Hacking

HTTP vs HTTPS:

Hyper Text Transfer Protocol (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you connect to. It means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.

Web browser such as IE, Firefox, Chrome, CocCoc.. also display a padlock icon in the address bar.

How Does HTTPS Work ?

HTTPS pages typically use one of two secure protocol to encrypt communications SSL (Secure sockets Layer) or TLS (Transport Layer Security). an asymmetric system uses two “keys” to encrypt communications, a “public key” and ” private key “. Anything encrypted with the public key can only be decrypted information that was encrypted with the private key.

What is a HTTPS certificate ?

when you request a HTTPS connection to a webpage, the website will initially send its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session. Based on this initial exchange, your browser and the website then initiate the “SSL handshake”. The SSL handshake involves the generation of shared secrets to establish a uniquely secure connection yourself and the website. when a trusted SSL Digital Certificate is used during a HTTPS connection. users will see a padlock icon in the browser address bar. When an extended Validation Certificate is installed on a website, the address bar will turn green.

Why is an SSL Certificate Required ?

All communications sent over regular HTTP connections are in “plain text” and can be read by any hacker that manages to break into the connection between your browser and the website. This present a clear danger if the “communication” is an order form and includes your credit card detail or social security number. With a HTTPS connection, all communications are securely encrypted. This means that even if somebody managed to break into connection, they would not be able decrypt any of the data which passes between you and the website.