HTTPS: what is it for?
Web agency » Digital news » HTTPS: what is it for?

HTTPS: what is it for?

nicolas-g-2ParNicolas G. Published on

In the “acronyms” family, I would like HTTPS, please. HTPP what? HTTPS, for Hyper Text Transfer Protocol Secure.

You do not speak English ? No problem. Tremplin Numérique explains to you what HTTPS is, to finally understand and be comfortable with this acronym that everyone talks about so much.

HTTPS: Hyper Text Transfer Protocol Secure

HTTPS is the secure version of HTTP, the protocol by which data is sent between your browser and the website you are connected to. The letter 'S', at the end of HTTPS, stands for 'Secure'. No need to have had a literary baccalaureate to understand this. In French, it means “secure”. In other words, all communication between your browser and the website is encrypted. HTTPS is thus widely used to protect highly confidential online transactions such as Internet banking and online order forms for example.

Web browsers like Chrome, IE or even Firefox also display a padlock icon in the address bar to visually indicate that an HTTPS connection is in place. For users, the presence of this padlock is easily identifiable and above all… very reassuring.

How does HTTPS work?

Rest assured, we are not going to go into details or highly technical considerations! But you have to understand some things...

HTTPS pages typically use one of two secure protocols to encrypt communications: Secure Sockets Layer (SSL) or Transport Layer Security (TLS). Oh my God… more English!

Hold fast…

Both the TLS and SSL protocols use what is known as an “asymmetric” public key infrastructure (PKI) system. This system uses two “keys” to encrypt communications, a “public” key and a “private” key. Anything encrypted with the public key can only be decrypted with the private key and vice versa.

Easy to understand, right? It's not over...

The “private” key, as its name suggests, must be protected and must only be accessible by its owner. In the case of a website, the private key stays warm, safe on the web server. Conversely, the public key is intended for distribution to anyone who needs to decrypt information that has previously been encrypted with the private key.

What is the HTTPS certificate for?

When someone requests an HTTPS connection to a web page, the site first sends its SSL certificate to the browser. This certificate contains the public key necessary to launch the secure session. Based on this first exchange, the browser and the website come to an agreement through what is known as the “SSL handshake”. Once the SSL handshake is done, the secure connection can be initiated.

While an HTTPS connection is indicated by means of a padlock icon in the address bar of the browser, this same bar turns green when an EV SSL (Extended Validation Certificate) certificate is installed on a website.

Is an SSL certificate really necessary?

All communications based on HTTP connections are, by definition, free of any form of security. They can thus be read by anyone, including hackers who do not hesitate to interrupt the connection between a browser and a website. This obviously presents a danger, if the hacking occurs on a critical point of the site, for example during online payment… Bank card number, credit card number, passwords… everything is good to take! Thanks to an HTTPS connection, all communications are securely encrypted. This means that even if someone managed to force the connection, they would not be able to decrypt the data passing between users and the website.

Should an HTTPS certificate be installed or not? If you are wondering, remember that the main advantages of this type of certificate are security for your site and for your customers' data. If your site collects customer data or offers products or services for sale, the HTTPS certificate is not an option. It is an obligation pure and simple. Mass has been said.

★ ★ ★ ★ ★

nicolas-g-2
Nicolas G.

Nicolas is co-manager of the web agency Tremplin Numérique, and expert in SEO natural referencing and e-reputation.