Note: This is a multi-page article. Please go on to the next pages to read the whole article.
Sometimes when you log in to a website such as Gmail, you will notice that the URL in your web browser’s address bar starts with https:// rather than http://. You will see this all the time when you are logged in to any online banking portal.
So what is this https thing all about?
It means the website is running on SSL (Secure Sockets Layer).
The SSL (Secure Sockets Layer) protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transaction.
This is basically how it works:
1. The website that you are visiting forwards you to an https:// link when you try to log in or click certain links on the site. Being forwarded to an https:// page usually means that the page may need to transfer sensitive details, such as login credentials.
2. When you load a page served over https://, the web server sends its public key, together with its certificate, to your web browser.
3. Your web browser checks whether the certificate was issued by a trusted root CA, whether the certificate is still valid or has expired, and whether the certificate is related to the site.
4. Once the certificate is validated, the browser uses the public key to encrypt a random symmetric encryption key and sends it to the server, along with the requested URL and other http data encrypted with that symmetric key.
5. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data.
6. The web server sends back the requested html document and http data, encrypted with the symmetric key.
7. The browser decrypts the http data and html document using the symmetric key and displays the information.
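Steps 4 to 7 can be followed in code. This is an added example, not part of the original article: the key pair, the function names and the sample request are constructed, textbook RSA without padding stands in for the public-key step, and a SHA-256 keystream stands in for a real symmetric cipher.

```python
import hashlib
import secrets

# Constructed demo key pair: textbook RSA over two well-known Mersenne primes.
# The primes are public knowledge, so this key protects nothing.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key, sent to the browser (step 2)
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, never leaves the server


def keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts; `label` keeps the two directions
    from reusing one keystream. No integrity protection, demo only."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def browser_request(n: int, e: int, http_data: bytes):
    """Step 4: pick a random symmetric key, encrypt it with the server's
    public key, and encrypt the request with the symmetric key."""
    sym_key = secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(sym_key, "big"), e, n)
    return sym_key, wrapped_key, keystream_xor(sym_key, b"c2s", http_data)


def server_respond(wrapped_key: int, enc_request: bytes, document: bytes):
    """Steps 5-6: recover the symmetric key with the private key, decrypt
    the request, and encrypt the reply with the same symmetric key."""
    sym_key = pow(wrapped_key, D, N).to_bytes(16, "big")
    request = keystream_xor(sym_key, b"c2s", enc_request)
    return request, keystream_xor(sym_key, b"s2c", document)


def browser_read(sym_key: bytes, enc_response: bytes) -> bytes:
    """Step 7: decrypt the server's reply with the symmetric key."""
    return keystream_xor(sym_key, b"s2c", enc_response)


if __name__ == "__main__":
    key, wrapped, enc_req = browser_request(N, E, b"GET /account HTTP/1.0")
    seen, enc_resp = server_respond(wrapped, enc_req, b"<html>balance</html>")
    print(seen, browser_read(key, enc_resp))
```

Only the holder of the private key `D` can recover the symmetric key from `wrapped_key`, which is why the certificate checks in step 3 have to pass before the browser encrypts anything to that public key.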