HTTPS

HTTPS

HTTPS stands for Hypertext Transfer Protocol over Secure Socket

Layer, or HTTP over SSL.

- SSL acts like a sub layer under regular HTTP application

- HTTPS encrypts an HTTP message prior to transmission and

decrypts a message upon arrival.

What are certificates?

For secure communication over untrusted networks we need to encrypt the

traffic. That is often done with SSL/TLS.

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer

(SSL), are cryptographic protocols that provide secure communications on

the Internet for such things as web browsing, e-mail, Internet faxing, instant

messaging and other data transfers.

What is a Certification Authority?

For organizations and servers a hierarchical key system is invented,

where a "Certification Authority" (CA) can "sign" key-pairs for multiple

servers or users.

It means the CA confirms the authenticity of the keys and its holders.

If a computer / user trust this CA, they automatically trust all keys that were

signed by it.

In such a scenario we call the public keys "certificates".

HTTPS Transaction

HTTPS Transaction

SSL as HTTP Security Concerns

Secure Sockets Layer technology protects Web site and makes it easy for Web site

visitors to trust in three essential ways:

Privacy

An SSL Certificate enables encryption of sensitive information during online

transactions.

Integrity

A Certificate Authority verifies the identity of the certificate owner when it is issued.

Authentication

Each SSL Certificate contains unique, authenticated information about the

certificate owner.

Web Server (www)

Is to serve www. (web sites)

Try them !

- Apache Web Server

very large and powerful, a lot of extensions

- Lighttpd

small but also provides some dynamic content

- Apache Tomcat

web server that provides servlet container (java servlets, jsp)