What is HTTPS Encrypted Connection?
HTTPS (Hypertext Transfer Protocol Secure) is a combination of two protocols, HTTP (Hypertext Transfer Protocol) and SSL / TLS. HTTP uses port 80, and HTTPS uses port 443. The second one has an encryption algorithm that ensures secure data transmission through an HTTPS encrypted connection. The “S” at the end of HTTPS stands for “Secure”.
SSL / TLS uses two keys for this, the public key that is used when visitors interact with the site by sending different data (a comment, vote, transaction, etc.) that are encrypted and transmitted to the server, the server receiving these data applies the private key to decrypt messages, the server only uses the private key.
In other words, you encrypt messages on your computer with the public key (which is why you must have an updated browser) to be sent to the server that decrypts them with the private key.
HTTPS protects you only while transmitting data between your computer and web server. If a hacker has stolen your private key, he will be able to decrypt your messages, so server security remains just as important to your site’s security.
Why do I need an HTTPS encrypted connection?
- Security – When browsing the Internet and visiting sites that do not have valid HTTPS, your data is transmitted in an open format, and anyone can intercept this data. Website visitors want to be protected, and they do not want their data to be stolen;
- SEO – In 2014, Google mentioned it would increase the ranking (see: HTTPS as a ranking signal ) and will favor sites that use HTTPS as a search result, as everyone who wants to appear on the first page of search results have to use an Encrypted connection, so this is the only change to increase your chances;
- A Safer Web – Again Google, this time with Google Chrome, starting with version 56, when you fill in your password fields or card information, it will show that this site is not safe; This will be just the beginning because in the future versions will be even more aggressive where the red warning triangle will appear in the address bar.
- Online Stores – The vast majority of plugins or modules dealing with online transactions will no longer work without HTTPS.
How much does it cost?
“Let’s Encrypt” gives you free certificates, and they will become one of the biggest players in the field.
Site administrators notified by Google that the browser will alert users in January 2017, have rushed to move their websites from HTTP to HTTPS. You can see in the above graph a significant increase in November-December 2016.
Let’s Encrypt is supported by many large companies such as Google, Mozilla, Cisco, OVH, Facebook, Automattic, etc.
Get Your SSL Certificate (Cheap)Certificates are divided into three types:
- DV Certificates – In this case, the Certification Authority checks (usually automatically online) if you own the domain name and get the green locker. The price range is 10-400 USD;
- OV Certificates – You need to demonstrate to the certifying authority that you are the legal entity that owns the domain. Usually, they request the info on paper, so it will take a bit until you get the certificate. The Price is between 50-1000 USD;
- EV Certificates – To obtain this type of certificate, you need to submit a different kind of information checked manually like legal address, phone number, data about the individual/business, type of activity, etc. This gives your visitors a visual assurance of your security where the name of the company is indicated. It is perfect for online stores to increase buyer’s confidence. The conversion can usually increase up to 3%. The price – 190-1500 USD.
So now you’re sure you have the question: What’s the difference between a free one and a $1500 certificate besides the Green bar?
The answer is straightforward: The Warranty! The higher the price, the greater the Warranty.
Get Your SSL Certificate (Cheap)Note: If you have a certificate, I suggest being careful when it expires and extend it at least one week before the expiration date. If you forget to renew it, the red bar will be displayed and will warn all visitors that the website is not secured!
Conclusion
Buy good certificates, generate public and private keys, install and configure the server to receive encrypted messages.