What is HTTPS Encrypted Connection?
HTTPS (Hypertext Transfer Protocol Secure) is a combination of two protocols: HTTP (Hypertext Transfer Protocol) and SSL/TLS. HTTP uses port 80 and HTTPS uses port 443; HTTPS adds encryption that ensures secure data transmission over the connection. The “S” at the end of HTTPS stands for “Secure”.
SSL/TLS uses two keys for this. The public key is used when visitors interact with the site and send data (a comment, a vote, a transaction, etc.): the data is encrypted and transmitted to the server. The server receiving the data applies the private key to decrypt the messages; the private key is used only by the server.
In other words, messages are encrypted on your computer with the public key (which is why you must have an up-to-date browser) and sent to the server, which decrypts them with the private key.
HTTPS protects you only while data is in transit between your computer and the web server. If your private key is stolen by a hacker, he will be able to decrypt your messages, so server security remains just as important to your site’s security.
Why do I need an HTTPS encrypted connection?
- Security – When you browse the Internet and visit sites that do not have valid HTTPS, your data is transmitted in the clear and anyone on the path is able to intercept it. Website visitors want to be protected; they do not want their data to be stolen;
- SEO – In 2014, Google mentioned that it would increase the ranking of sites that use HTTPS and favor them in search results (see: HTTPS as a ranking signal). Everyone who wants to appear on the first page of search results has to use an encrypted connection, so this is the only chance to increase your odds;
- A Safer Web – Google again, this time with Google Chrome: starting with version 56, when you fill in password fields or card information on a site without HTTPS, the browser shows that the site is not safe. This is just the beginning, because future versions will be even more aggressive, with a red warning triangle appearing in the address bar.
- Online Stores – The vast majority of plugins or modules dealing with online transactions will no longer work without https.
How much does it cost?
“Let’s Encrypt” gives you free certificates; soon they will become one of the biggest players in the field.
Site administrators who were notified by Google that the browser would alert users in January 2017 rushed to move their sites from HTTP to HTTPS. You can see in the above graph a significant increase in November-December 2016.
Let’s Encrypt is supported by many large companies such as Google, Mozilla, Cisco, OVH, Facebook, Automattic, etc.
Certificates can be divided into three types:
- DV Certificates – In this case, the Certification Authority checks (usually automatically, online) whether you own the domain name, and you get the green padlock. The price range is 10-400 USD;
- OV Certificates – You need to demonstrate to the Certification Authority that you are the legal entity that owns the domain. They usually request the information on paper, so it will take a while until you get the certificate. The price is between 50 and 1000 USD;
- EV Certificates – To obtain this type of certificate, you need to submit additional information that is checked manually, such as legal address, phone number, data about the individual/business, type of activity, etc. This gives your visitors a visual assurance of your security, because the name of the company is displayed. It is perfect for online stores that want to increase buyers’ confidence; conversion can usually increase by up to 3%. The price is 190-1500 USD.
So now you surely have the question: What’s the difference between a free certificate and a $1500 one, besides the green bar?
The answer is very simple: The Warranty! The higher the price, the greater the Warranty.
Note: If you have a certificate, I suggest keeping track of when it expires and renewing it at least one week before the expiration date. If you forget to renew it, the red bar will be displayed, warning all visitors that the website is not secure!
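The expiry check from the note above can be automated. The following is an added example, not part of the original article: it reads the expiry date of the certificate a server presents and flags it once the one-week renewal margin is reached. The function names, the status labels and the sample date are assumptions made for this illustration.

```python
import socket
import ssl
import sys
import time

RENEW_MARGIN_DAYS = 7  # the note's advice: renew at least one week ahead
# Constructed sample value, in the format getpeercert() uses for "notAfter".
SAMPLE_NOT_AFTER = "Jan  5 09:34:43 2018 GMT"


def seconds_left(not_after, now=None):
    """Seconds until the certificate's notAfter time (negative once expired)."""
    now = time.time() if now is None else now
    return ssl.cert_time_to_seconds(not_after) - now


def renewal_status(not_after, now=None, margin_days=RENEW_MARGIN_DAYS):
    """Classify a notAfter string as OK, RENEW NOW or EXPIRED."""
    left = seconds_left(not_after, now)
    if left <= 0:
        return "EXPIRED"
    if left <= margin_days * 86400:
        return "RENEW NOW"
    return "OK"


def fetch_not_after(host, port=443, timeout=5.0):
    """Return notAfter of the certificate the server presents (validated)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def check_host(host):
    """One report line per host; a failed validation is reported, not raised."""
    try:
        not_after = fetch_not_after(host)
    except ssl.SSLCertVerificationError as exc:
        # An already-expired certificate fails the handshake and lands here.
        return f"{host}: INVALID ({exc.verify_message})"
    except OSError as exc:
        return f"{host}: UNREACHABLE ({exc})"
    return f"{host}: {renewal_status(not_after)} (expires {not_after})"


if __name__ == "__main__":
    for name in sys.argv[1:]:
        print(check_host(name))
```

Run it from a daily scheduled job with your own host names as arguments and alert on any line that does not contain `OK`.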
Buy good certificates, generate public and private keys, install and configure the server to receive encrypted messages.