Web Server Security Protocols
HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the communication your web browser has with the website is secured through encryption.
HTTPS is also referred to as HTTP/TLS or HTTP/SSL. This is because there are two protocols that enable us to make our web servers secure:
- The first is transport layer security protocol or TLS, which is the most popular way to keep communications secure over a network. TLS is widely used to keep web browsing secure but it can be used in a lot of other applications too.
- The second protocol is secure socket layer protocol or SSL. It’s a way of securing communication between a web server and client but it’s pretty old and insecure, so it’s been deprecated in favor of TLS.
So if you’re managing an organization’s website on a server, how do you enable TLS on the server so that the site can be using HTTPS? Well, you need to get a digital certificate of trust from an entity called a certificate authority. The certificate authority grants a certificate to your website saying that I trust that you control the web server and verifies that you are who you say you are. Once it does that, you can install the certificate on your web server. That way, when users visit your site, they’ll see the HTTPS in the URL instead of just HTTP. Think of certificates as a way to verify that something is trustworthy.