Web Server Security Protocols

HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the communication your web browser has with the website is secured through encryption.

HTTPS is also referred to as HTTP/TLS or HTTP/SSL. ​This is because there are two protocols that ​enable us to make our web servers secure:

  1. The first is transport layer security protocol or TLS, ​which is the most popular way to keep ​communications secure over a network. ​TLS is widely used to keep web browsing ​secure but it can be ​used in a lot of other applications too.
  2. The second protocol is ​secure socket layer protocol or SSL. ​It’s a way of securing communication ​between a web server and ​client but it’s pretty old and insecure, ​so it’s been deprecated in favor of TLS.

 ​So if you’re managing ​an organization’s website on a server, ​how do you enable TLS on the server so ​that the site can be using HTTPS?   ​Well, you need to get a digital certificate of trust ​from an entity called a certificate authority. ​  The certificate authority grants ​a certificate to your website saying that I trust ​that you control the web server ​and verifies that you are who you say you are. ​Once it does that, you can install ​the certificate on your web server. ​That way, when users visit your site, ​they’ll see the HTTPS in the URL instead of just HTTP. ​    Think of certificates as a way to ​verify that something is trustworthy.