Technical Terms: HTTP, HTTPS, SSL, TLS and Certificate

When you are browsing web pages you are using either HTTP or HTTPS. The latter is the more secure way to view websites. HTTPS uses TLS and certificates to insure security, privacy and integrity.

Video Transcript
So today we're going to take a look at two terms that you're going to come in contact with a lot when you browse the internet. You've probably seen them before. These are HTTP and HTTPS. They're some related terms were going to look at as well, SSL, TLS, and Certificate.

So what is HTTP? Well it stands for hypertext transfer protocol. The idea is that the internet can use a variety of different ways to communicate with you. For instance there's an email system, there's file transfers, there are streaming video protocols. Things like that. The hypertext transfer protocol is a way for you to request and load web pages. So it's one of the primary ways we use the internet.

HTTP was basically the web. You would use the HTTP protocol to view web pages. You use a web browser to do that and web servers would be at the other end serving up webpages. So here's when you might see HTTP. When you're trying to go to a webpage. You may type http and then colon slash slash and the address like macmost.com. Now web browsers today don't require you to put the http in front. If you just type macmost.com it will assume that you want to use that protocol, of course, because you're in a web browser looking at the web. But you may see it sometimes when people talk about a web address they'll put the http colon slash slash before the address.

Now, what's HTTPS? Well, it's the same thing with the word Secure at the end. The idea is that it's a secure way to look at the internet. You'll see this as well when you look at a web address. Sometimes you'll see https instead of http. Again you don't have to enter that in there. Web sites today, if they only operate with https in a secure mode, if you just type the address, like macmost.com you'll automatically be connected to https. However there are some websites that will allow you to do both. The insecure way and the secure way. So in that case you may need to type https colon slash slash and then the address to go to the page and make sure you're secure. Otherwise you may get the insecure version of the site. A lot of times though it doesn't matter unless you're sending information back and forth.

Now here's what it looks like once you go to a webpage using https. The difference is you'll see a padlock in Safari on a Mac next to the address. Now if you don't see that it means you weren't successfully connected to that website using the secure method. This can happen if the website is misconfigured or simply doesn't offer that secure method. So if you really want to make sure that you're contacting the website in a secure way then check for the padlock after the page loads.

Now this isn't always important. If you're just looking for information, like looking at wikipedia and just reading something, it really probably doesn't matter for most cases. But if you're doing something like banking or logging onto a social network or something like that then you want to make sure you're connected in a secure method. Most of those type of websites insist on doing that.

So here are two other terms you'll hear that have to do with https. SSL and TLS. So, basically these are the methods of security used to connect to these web servers from your web browser. Now it used to be that SSL was the way it was done. This was years ago and it's been updated for a new type of method doing it called TLS. So you may hear either one of these, you know, connect to this website using TLS for instance. That just means using https. You'll also hear people saying using SSL. I do this myself sometimes. SSL is the older method. Today when people say SSL they're most likely, really, saying TLS. The old abbreviation has just kind of stuck as the method used for https.

Now there are several reasons why you want to connect to websites with https. The first one is security. This is the original method. This is when we connected using secure methods ten, fifteen years ago this was what we wanted. We wanted security. A lot of websites back then were regular http until maybe you were going to buy something and as soon as you got to the pages that had to do with entering credit card information it would switch over to using https and you'd get a little notification saying it was secure and all that kind of thing.

But more recently the emphasis has been on privacy. This was why entire websites today are secured in this way. Because what happens is if you're not using a secure method to browse the web that means everything you're doing, which is the requests you making like say entering text in the search boxes or which page you go to, that's all something that could be seen by every server between you and the actual web server. Since the internet isn't a direct line to anything, you know you're communicating with your ISP and the ISP makes several jumps to different servers before it gets to the web server, all those intermediate steps they could see what it was you're requesting and they could see the information that was coming back.

So today it's not only used for security but also for privacy. Then there's also the fact that your own integrity of making sure that when you send data, the data actually gets there intact and when the data is sent back to you that it's actually gets back to you intact. That there's been no server has messed with the information in-between.

On last term that you should know that's related to this is Certificate. This is how it all works. There are certificate authorities out there. Several big companies that deal just with security. Web browsers know how to communicate with these companies securely and get what are called certificates and use those certificates to then be able to communicate from you to whatever website it is that you're viewing. So certificates are an important part of connecting to a website using https.

Comments: 5 Responses to “Technical Terms: HTTP, HTTPS, SSL, TLS and Certificate”

    Robert Hutchison
    7/26/18 @ 12:33 pm

    Hi Garry, great video, thank you. I always wondered what the padlock meant when I went to a website, my question is how does it make it secure? I’m not sure I understood about the certificate, I’ve had it come up on my Mac and iPad in the past saying this certificate isn’t valid, or something similar. Thank you,
    Robert.

    7/26/18 @ 1:44 pm

    Robert: Simplified version: The website encrypts its data and sends it to your browser. Your browser identifies where the certificate for that encryption lies (with a trusted company) and fetches it. It uses this certificate to decrypt it for you. Same in reverse. It only works because your browser and the site both use and trust a third-party company with that certificate.
    Think of it like this: If you buy something from a stranger on eBay, it is risky right? But what if you buy something from a person and it happens that you both have a good friend in common, one you both trust? The friend is common is the certificate company, you are the browser, and the stranger is the server.

    Fran
    7/26/18 @ 8:22 pm

    Would like more instructional videos on certificates how to get a certificate when you are sending emails.

    Robert Hutchison
    7/26/18 @ 11:45 pm

    Hi Garrry,
    Thank you very much. I understand how it works now.

    7/27/18 @ 1:59 am

    Fran: Can you explain what you are trying to do? Maybe ask that in the forum, not here. Certificates are for websites in this context. So what is it you are trying to do with certificates in email? Are you trying to send encrypted email for some reason?

Comments Closed.