How to get your website to support HTTPS

How to get your website to support HTTPS

Today's mainstream web site is basically using HTTPS to provide services to the outside world, and even some companies recommend the full use of HTTPS, then what is HTTPS? Please refer to the following diagram, HTTPS is in the TCP/IP protocol we usually say between the transport layer and the application layer, in this layer of the client browser and server-side encryption, it can be seen that the role of encryption is only reflected in the application layer, that is, the TCP layer to see the encrypted data, The application layer is still clear, that is, HTTPS is transparent to the application layer, usually our HTTP request, the request Header,key-value is clear, that is, the application layer of HTTP and HTTPS sent data is consistent, The difference is just below the TCP layer, let's take a look at two requests to illustrate.

HTTPS request

HTTP request

For HTTP and HTTPS if we capture packets separately at the TCP layer, we can see that HTTP is unencrypted and HTTPS is encrypted.

Next we say how the SSL layer is encrypted, we all know asymmetric encryption, general Web site if you want to support HTTPS need to purchase a certificate to the authority, the certificate contains a public and private key pair, The public key is sent to the client, the client uses the public key to encrypt, the server uses the private key to decrypt, then some people will ask, why also to the authority to apply for, oneself constructs a got bai, can, If you just use it yourself, but if you want a lot of people to use it, these people do not know you, how to do? How did you prove you were you? This time the authority will come in handy, we installed the browser by default is to trust some mainstream authority, he sent you a certificate, you can prove you are you, well, this should be clear.

The following is an example of Java EE Web site to talk about what configuration or code is required to support HTTPS. Buy a certificate if you want your site to support HTTPS actually do not need to change the code, unless you have special needs, such as which URLs you need to support HTTPS remaining some need HTTP, in fact, this demand is very rare, but there is. With the following configuration in Tomcat, your site can support HTTPS, where the C:\testkeystore is where you store the key.

<connector port= "8443" protocol= "http/1.1" sslenabled= "true"               maxthreads= "Up" scheme= "https" secure = "true"               clientauth= "false" sslprotocol= "TLS"            keystorefile= "C:\testkeystore"            Keystorepass= "Solidmango"/>

How do you know if your website is fully supported by HTTPS after you have configured it? Open the browser and see the following configuration to show that your HTTTPS configuration is successful.

Summarize

This article from the theory to the practice of the full discussion of the front-of-the-counter details of the HTTPS, I hope that we have help and common progress.

How to get your website to support HTTPS