HTTPS actually consists of two parts: HTTP + SSL/TLS.
That is, a layer that handles encryption is added on top of HTTP. Information passed between the server and the client is encrypted by TLS, so the data on the wire is encrypted.
1. Client initiates an HTTPS request
There is not much to say here: the user enters an HTTPS URL in the browser, and the browser connects to port 443 on the server.
2. Server-side configuration
A server that uses the HTTPS protocol must have a digital certificate, which it can either create itself or request from a certificate authority. The difference is that a self-issued certificate requires the client to accept it before access can continue, whereas a certificate requested from a trusted company does not trigger a warning page (StartSSL is a good choice, with one year of free service). This certificate is really a pair of keys: a public key and a private key. If you are unfamiliar with public and private keys, imagine a key and a lock: you are the only person in the whole world who holds the key, but you can hand the lock to anyone. Others can use the lock to lock up something important and send it to you, and because only you have the key, only you can see what the lock protects.
3. Transferring the certificate
This certificate is essentially the public key, but it also contains a lot of other information, such as the issuing certificate authority, the expiration time and so on.
4. Client parses the certificate
This work is done by the client's TLS implementation. It first verifies that the public key is valid: the issuing authority, the expiration time and so on. If a problem is found, a warning box pops up telling the user that there is a problem with the certificate. If the certificate is fine, the client generates a random value and encrypts it with the certificate. In the terms used above, it locks the random value with the lock, so that the locked content cannot be seen by anyone who does not hold the key.
5. Transmitting the encrypted information
This step transmits the random value encrypted with the certificate. The purpose is to let the server obtain this random value; from then on, communication between the client and the server can be encrypted and decrypted with it.
6. Server decrypts the information
After decrypting with its private key, the server obtains the random value sent by the client (the text below calls this shared value the "private key"), and then encrypts the content symmetrically with it. Symmetric encryption means that the information and the private key are mixed together by an algorithm, so that the content cannot be recovered unless the private key is known. Since only the client and the server know this private key, as long as the encryption algorithm is strong enough and the private key is complex enough, the data is safe enough.
7. Transferring the encrypted information
This is the information the server has encrypted with the private key (the shared random value); it can be restored on the client.
8. Client decrypts the information
The client uses the previously generated private key to decrypt the information sent by the server and obtains the decrypted content. Throughout this process, a third party who intercepts the data can do nothing with it.
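The exchange in steps 2 to 8, as an added example that is not part of the original post: the server's RSA key pair stands in for the certificate, the client locks a random value with the public key, the server unlocks it with the private key, and both sides then use that value as an AES-256-GCM key. The function and variable names are this example's own; note that this is the RSA key-transport form of the handshake the post describes, whereas TLS 1.3 agrees the secret with ephemeral Diffie-Hellman so a later leak of the server's private key does not expose recorded traffic.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Step 2: the server's key pair. The public half is what the certificate carries.
func serverKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// Steps 4-5: the client draws a random value and locks it with the public key (RSA-OAEP).
func clientLockSecret(pub *rsa.PublicKey) (secret, locked []byte, err error) {
	secret = make([]byte, 32) // 256-bit value, used below as the AES key
	if _, err = rand.Read(secret); err != nil {
		return nil, nil, err
	}
	locked, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
	return secret, locked, err
}
// Step 6: the server unlocks the random value with its private key.
func serverUnlockSecret(priv *rsa.PrivateKey, locked []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, locked, nil)
}
// Steps 6-8: the shared value becomes an AES-256-GCM key; GCM also rejects altered data.
func sessionCipher(secret []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(secret)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// seal encrypts one message as nonce || ciphertext || tag, with a fresh nonce each time.
func seal(aead cipher.AEAD, plaintext []byte) []byte {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return aead.Seal(nonce, nonce, plaintext, nil)
}
// open reverses seal; it fails if the key is wrong or the bytes were tampered with.
func open(aead cipher.AEAD, sealed []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("message too short")
	}
	return aead.Open(nil, sealed[:n], sealed[n:], nil)
}
```

A party that only observes the locked value and the sealed messages holds neither the private key nor the random value, so it can neither read nor silently alter the traffic.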
Source: http://blog.csdn.net/sean_cd/article/details/6966130
How HTTPS works