HTTPS is an HTTP channel designed for security: on the basis of HTTP, it secures the transmission process through transport encryption and identity authentication. It adds an SSL (Secure Sockets Layer) layer to HTTP, so the security foundation of HTTPS is SSL. HTTPS is a URI scheme (abstract identifier system) with syntax similar to the http scheme, and it is used for secure HTTP data transmission. HTTPS uses TCP port 443 and encrypts the data, so packet capture tools cannot see the contents of the packets, which greatly improves security. As a result, HTTPS is widely used on the World Wide Web for security-sensitive communications, such as transaction payments. Some relatively high-security websites, such as online banking and e-commerce, need to be accessed over HTTPS.
On the basis of HTTP transmission, HTTPS encrypts the data in transit through the TLS/SSL protocol, which effectively prevents the data from being intercepted or tampered with by third parties. You can configure an HTTPS certificate on the DCDN to encrypt requests between the client and the DCDN and secure data transmission.
Is there any major difference between HTTPS and HTTP?
Security: HTTP is a plaintext transmission protocol, so data is easily stolen or tampered with in transit, and its security is low. HTTPS is an encrypted transmission protocol that uses SSL/TLS encryption to secure data transmission. The HTTPS protocol requires applying to a certificate authority (CA) for a certificate, which requires a certain fee, while HTTP does not.
Port: HTTP and HTTPS use different ports, HTTP uses port 80 by default, while HTTPS uses port 443 by default.
Resource consumption: Compared with HTTP, HTTPS requires additional encryption and decryption operations, so it consumes more CPU and memory resources. The HTTPS protocol also needs to perform operations such as certificate verification, which adds some network overhead.
Browser address display: If you use the HTTPS protocol, a green security lock is displayed in the browser address bar, indicating that the user's current connection is secure. If you use the HTTP protocol, an "insecure" flag is shown to alert the user.
Search engine optimization: The HTTPS protocol is favored by mainstream search engines (such as Google), and sites that use the HTTPS protocol may rank higher in search results.
How does the encryption and decryption of the HTTPS protocol work?
The encryption and decryption operations of the HTTPS protocol rely mainly on the SSL/TLS protocol. SSL (Secure Sockets Layer) is a protocol that provides encrypted communication, while TLS (Transport Layer Security) is the successor to SSL and provides stronger security.
During HTTPS communication, the client (such as a browser) and the server perform a series of handshake steps to establish a secure connection. Here is a brief outline of the HTTPS encryption and decryption process:
Key exchange: The client sends a random number to the server and obtains a server random from the server. These two random numbers are then used to generate the key for symmetric encryption.
Certificate validation: The server sends its public key certificate to the client. The client verifies that the certificate is issued by a trusted certificate authority and that the certificate is valid. This verification process ensures that the client is communicating with the correct server and not a fake one.
Generate a premaster secret: The client encrypts a premaster secret with the server's public key and sends it to the server. Since only the server has the corresponding private key, only the server can decrypt this premaster secret.
Generate session keys: Both the client and the server use the premaster secret, the client random, and the server random to generate symmetric session keys through certain algorithms. These session keys are used for subsequent data encryption and decryption.
Encrypted communication: The client encrypts the requested data using a session key and a symmetric encryption algorithm (such as AES) and sends it to the server. The server uses the same session key and symmetric encryption algorithm to decrypt the received data.
Data integrity verification: HTTPS also uses a message authentication code (MAC) to verify the integrity of the data. Both the client and the server use the session key and a hash function (e.g., SHA-256) to calculate the MAC value of the data, which is then appended to the data and sent to the other party. The receiver calculates the MAC value of the received data using the same session key and hash function and compares it with the attached MAC value to verify the integrity of the data.
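The session-key and MAC steps above, as an added example that is not part of the original article: it follows the TLS 1.2 key derivation and record MAC from RFC 5246 for an RSA key exchange with an AES-128 / HMAC-SHA256 suite, and leaves out the AES encryption itself. The random values, premaster secret and request are constructed sample data, and the function names are this example's own.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5: chained HMAC-SHA256 until `length` bytes exist."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_keys(premaster: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Both peers run this with the same three inputs and get the same keys."""
    master = p_sha256(premaster, b"master secret" + client_random + server_random, 48)
    # Key expansion uses the randoms in the opposite order (server first).
    block = p_sha256(master, b"key expansion" + server_random + client_random, 96)
    return {"master": master,
            "client_mac": block[0:32], "server_mac": block[32:64],
            "client_enc": block[64:80], "server_enc": block[80:96]}

def record_mac(mac_key: bytes, seq: int, content_type: int, payload: bytes) -> bytes:
    # The MAC covers sequence number, type, version (0x0303 = TLS 1.2), length and data.
    header = seq.to_bytes(8, "big") + bytes([content_type]) + b"\x03\x03" + len(payload).to_bytes(2, "big")
    return hmac.new(mac_key, header + payload, hashlib.sha256).digest()

def verify_record(mac_key: bytes, seq: int, content_type: int, payload: bytes, tag: bytes) -> bool:
    # Constant-time comparison, so the check does not leak how many bytes matched.
    return hmac.compare_digest(record_mac(mac_key, seq, content_type, payload), tag)

# Constructed sample values (not taken from a real handshake).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PREMASTER = b"\x03\x03" + bytes(46)  # 48 bytes: protocol version + 46 bytes (zeros for repeatability)

def demo() -> dict:
    client = derive_keys(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)  # client side
    server = derive_keys(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)  # server side, after decrypting the premaster
    msg = b"GET /account HTTP/1.1\r\n\r\n"
    tag = record_mac(client["client_mac"], 0, 23, msg)  # 23 = application_data
    key = server["client_mac"]
    return {
        "same_keys": client == server,
        "accepted": verify_record(key, 0, 23, msg, tag),
        "tampered": verify_record(key, 0, 23, msg.replace(b"account", b"admin!!"), tag),
        "replayed": verify_record(key, 1, 23, msg, tag),  # receiver expects the next sequence number
    }

if __name__ == "__main__":
    print(demo())
```

The sequence number inside the MAC is what makes a captured record fail verification when it is sent again later in the same connection.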
What are the brands of HTTPS certificates?
DigiCert: DigiCert is a globally renowned provider of digital certificates that offers several types of SSL/TLS certificates, including Domain Validation (DV) certificates, Organization Validation (OV) certificates, and Extended Validation (EV) certificates. DigiCert's certificates are widely accepted and trusted and are suitable for businesses of all sizes.
GeoTrust: GeoTrust is another globally renowned digital certificate provider that also offers several types of SSL/TLS certificates. GeoTrust's certificates are known for their compatibility and recognition and work with most browsers and mobile devices.
Comodo: Comodo is a company that provides digital certificates and security services, including several types of SSL/TLS certificates. Comodo's certificates are relatively low in price, making them suitable for businesses that want to implement encryption on a budget.
Symantec: Symantec (now part of DigiCert) used to be a leading digital certificate provider, offering several types of SSL/TLS certificates. Although Symantec has stopped issuing new certificates, its original certificates are still widely accepted and trusted.
GlobalSign: GlobalSign is a company that provides digital certificates and security services, and it also offers several types of SSL/TLS certificates. GlobalSign's certificates are compatible and recognized, and are suitable for websites and businesses of all sizes.
How do I configure HTTPS on the whole site?
Step 1: Apply for an SSL certificate.
The first step in enabling HTTPS is to apply for an SSL certificate.
There are two types of SSL certificates: free and paid, and all major cloud vendors can get free SSL certificates.
Tencent Cloud, Alibaba Cloud, Cloud, Huawei Cloud, Geotrust, Comodo, etc., all have SSL certificates for purchase.
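Step 2: Deploy the SSL certificate. Taking the domain name www.xxx.com and an Apache server as an example, add the following to httpd.conf to deploy the SSL certificate. Tip: httpd.conf is in the conf directory under the Apache directory.
# Enable SSL
SSLEngine on
# The two SSLProxy* directives only matter when Apache proxies to an HTTPS backend; "none" skips verification of the backend's certificate
SSLProxyEngine on
SSLProxyVerify none
# Local paths of the SSL certificate files
# Public key certificate
SSLCertificateFile "C:/SSL certificate path/www.xxx.com_public.crt"
# Private key
SSLCertificateKeyFile "C:/SSL certificate path/www.xxx.com.key"
# Certificate chain (on Apache 2.4.8 and later the chain can instead be appended to the SSLCertificateFile file)
SSLCertificateChainFile "C:/SSL certificate path/www.xxx.com_chain.crt"
After deploying the domain name certificate, redirect HTTP to the corresponding HTTPS site:
# Fill in the domain name, www.xxx.com
ServerName www.xxx.com
RewriteEngine on
# Redirect HTTP to HTTPS; the condition keeps requests that already arrive over HTTPS from being redirected again
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*)$ https://www.xxx.com/$1 [R=301,L]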
Replace www.xxx.com with your domain name.
At this point, when you visit the site over HTTP, you are redirected to the HTTPS address, which achieves a true full-site HTTPS effect.
The second method: through the pagoda panel.
1. First, prepare the certificate files: one ends in .crt and one ends in .key.
2. Log in to the pagoda panel back end at http://<your server IP>:8888
3. After logging in, click "**" on the left
4. In the list on the right, select the domain name you want to install the SSL certificate for, and click "Settings".
5. Select your **, click "Settings", switch to the "SSL" tab, click "Other certificates", and paste the certificate (PEM format) and key (KEY) you purchased into the corresponding positions, as shown in the following figure:
6. Wait for the pagoda service to respond, and then the configuration can be completed.