HTTPS is a combination of HTTP and SSL (Secure Sockets Layer) that provides encrypted communication between the client (browser) and the web server (where the application is hosted).
Why is it needed?
HTTPS encrypts the data that is transmitted from the browser to the server over the network, so no one can sniff it during transmission.
How is an HTTPS connection established between the browser and the web server?
- The browser tries to connect to https://www.cloudnloud.com.
- The cloudnloud.com server sends a certificate to the browser. This certificate includes the cloudnloud.com server's public key and some evidence that this public key actually belongs to cloudnloud.com.
- The browser verifies the certificate to confirm that it has the proper public key for cloudnloud.com.
- The browser chooses a new random symmetric key K to use for its connection to the cloudnloud.com server. It encrypts K under the cloudnloud.com public key.
- The cloudnloud.com server decrypts K using its private key. Now both the browser and the cloudnloud.com server know K, but no one else does.
- Anytime the browser wants to send something to cloudnloud.com, it encrypts it under K; the cloudnloud.com server decrypts it upon receipt. Anytime the cloudnloud.com server wants to send something to your browser, it encrypts it under K.
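The steps above as a runnable Node.js sketch (an added example, not code from the original page), with both sides in one process so the certificate check, the wrapping of K and the encrypted exchange can be observed. The certificate is modelled as a CA signature over the host name and public key rather than real X.509, and the CA, the RSA-OAEP and AES-256-GCM choices and all function names are assumptions made for the illustration.

```javascript
const crypto = require("node:crypto");

// Constructed keys, no network. Assumption: a CA the browser already trusts.
const ca = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const server = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const signedPart = (host, pem) => Buffer.from(host + "\n" + pem);

// Step 2: "certificate" = host name + server public key + CA signature over both.
function issueCertificate(host, publicKey, caPrivateKey) {
  const publicKeyPem = publicKey.export({ type: "spki", format: "pem" });
  const signature = crypto.sign("sha256", signedPart(host, publicKeyPem), caPrivateKey);
  return { host, publicKeyPem, signature };
}

// Step 3: the browser checks the name and the CA signature before trusting the key.
function verifyCertificate(cert, expectedHost, caPublicKey) {
  return cert.host === expectedHost &&
    crypto.verify("sha256", signedPart(cert.host, cert.publicKeyPem), caPublicKey, cert.signature);
}

// Step 4: the browser picks a random K and encrypts it under the server's public key.
function browserWrapKey(cert) {
  const K = crypto.randomBytes(32);
  return { K, wrapped: crypto.publicEncrypt({ key: cert.publicKeyPem, oaepHash: "sha256" }, K) };
}

// Step 5: only the holder of the private key can recover K.
function serverUnwrapKey(wrapped, privateKey) {
  return crypto.privateDecrypt({ key: privateKey, oaepHash: "sha256" }, wrapped);
}

// Step 6: either side encrypts under K; GCM also detects tampering in transit.
function seal(K, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", K, iv);
  const body = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}
function unseal(K, { iv, body, tag }) {
  const d = crypto.createDecipheriv("aes-256-gcm", K, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(body), d.final()]).toString("utf8");
}

// Whole flow once: returns what the server read, or null if the certificate is rejected.
function handshakeAndSend(host, cert, message) {
  if (!verifyCertificate(cert, host, ca.publicKey)) return null;
  const { K, wrapped } = browserWrapKey(cert);
  return unseal(serverUnwrapKey(wrapped, server.privateKey), seal(K, message));
}
```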
This flow can be represented by the following diagram: