The internet runs on protocols. Rules and norm defined so that there is some form of standardization. One such protocol is the HyperText Transfer Protocol(HTTP).
I am sure you already must have heard about it and for those of you who haven’t, HTTP is a protocol that acts as the base for data communication all over the web.
Now HTTP was doing great but with the internet expanding, there was the need for additional security in websites. This led to the creation of HTTPS, which is basically HTTP under the hood but with additional security.
What’s the difference?
As I already said, that HTTPS is just HTTP with some additional security. This additional security comes with either SSL i.e the Secure Sockets Layer or the TLS i.e the Transport Layer Security.
Also, HTTP runs on port 80 by default but HTTPS runs on port 443. Also, when you run a website with HTTPS, you can very evidently see a padlock icon in most browsers that tells you that the website uses HTTPS.
What Makes it so secure?
Unlike HTTP that has no security measures to protect the data flowing from the client to the server, HTTPS has it covered. So HTTPS uses this thing called public key cryptography and don’t worry as it is not from another planet.
Public key cryptography is a fairly simple concept. We have 2 mathematically related yet distinct and unique keys that are generated, one of them is the private key(to decrypt data) and the other one is a public key(to encrypt data).
The private key, as it sounds, is private and only available to the owner of the website and the public key, on the other hand, is available to anyone who wishes to access the website.
How does it Work?
Whenever you visit a website that has HTTPS, you are given a public key. This public key is stored on your computer via your browser. Now whenever you send some information to the server, your data is encrypted using the public key. This encrypted data is sent to the server where it is decrypted by the private key.
Now the fun here is that even if someone intercepts your data en-route to the server, they will just get encrypted data that can only be decrypted with the private key which sits securely on the server.
How do I convert my website to HTTPS?
That’s actually pretty simple. All you need to do is install an SSL certificate on your website.
There are some famous providers like Comodo, Digicert, and GlobalSign that sell SSL certificates. But you need not pay for an SSL certificate. There are some free services like letsencrypt and freessl, that can actually provide you with a free SSL certificate.
So I guess we have understood the basic difference with HTTP and HTTPS. Most of the websites have moved on to the latter, and those that haven’t are soon moving. Also, Google has said that its Chrome browser will start marking websites that do not have HTTPS as not secure. So maybe it’s high time we start migrating.