HTTPS Flow
A simplified explanation of how HTTPS works.
Initiating the Connection:
You, as a user, type a website address (e.g., https://www.example.com) into your browser and hit Enter.
Your browser sends a request to the web server hosting the website.
Server Verification (SSL Handshake):
The web server responds with its SSL certificate. This certificate includes the server's public key and some other information.
Your browser checks that the certificate is valid and was issued by a trusted Certificate Authority (CA). If it was not issued by a trusted CA, your browser will typically display a warning that the connection may not be secure, for example a message saying that the connection is not private or that the certificate is not trusted.
If everything checks out, your browser generates a session key, encrypts it using the server's public key, and sends it back to the server.
Establishing Secure Connection:
The server receives the encrypted session key and decrypts it using its private key.
Both your browser and the server now have the same session key, which they'll use to encrypt and decrypt data during the session.
Secure Data Transfer:
From this point on, all data exchanged between your browser and the server is encrypted using the session key.
This encryption ensures that even if someone intercepts the data while it's being transmitted, they won't be able to understand it without the session key.
Page Loading:
Once the secure connection is established, your browser sends the request for the webpage content.
The server responds by sending the requested web page and any associated files (images, scripts, etc.).
Your browser receives the encrypted data and decrypts it using the session key.
Closing the Connection:
After the webpage is fully loaded, your browser and the server may decide to terminate the connection.
If the connection is terminated, the session key is discarded, and a new one will be generated for any future connections.
In summary, HTTPS ensures secure communication between your browser and the web server by encrypting data using SSL/TLS protocols. TLS is the successor to SSL.
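The certificate check from the Server Verification step can be reproduced in a client program with Python's standard ssl module. The code below is an added example, not part of the original page: it places a client that performs the browser's checks beside one that skips them, and audits both. The function names and finding strings are made up for this illustration.

```python
import socket
import ssl


def strict_client_context() -> ssl.SSLContext:
    """Client settings that perform the certificate checks a browser does."""
    ctx = ssl.create_default_context()            # trusts the system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSL and early TLS
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """Misconfigured client shown for contrast: it accepts any certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # no CA check at all
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the verification steps this context would skip."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified against trusted CAs")
    if not ctx.check_hostname:
        findings.append("certificate not matched to requested hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 allowed")
    return findings


def verified_connect(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Handshake with host; report the negotiated session or why it was refused."""
    ctx = strict_client_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"ok": True, "protocol": tls.version(),
                        "cipher": tls.cipher()[0], "expires": cert["notAfter"]}
    except ssl.SSLCertVerificationError as exc:
        # The programmatic equivalent of the browser's "not trusted" warning.
        return {"ok": False, "reason": exc.verify_message}


if __name__ == "__main__":
    print(audit_context(strict_client_context()))  # needs no network
    print(audit_context(weak_client_context()))
```

verified_connect needs network access; called with a host whose certificate is not issued by a trusted CA, it returns the verification failure reason instead of completing the handshake.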