The functions of HTTPS is to ensure reasonable protection from man-in-the-middle attacks and eavesdroppers. Server certificate must be trusted and verified and cipher suites are adequate in order for HTTPS connection to be effective. Actually HTTPS is not even a separate Internet protocol but it is an ordinary HTTP over an encrypted SSL which stands for Secure Socket Layer.
However before a HTTPS connection occurs, the website administrator must provide public key certificate which signed by trusted certificate authority for the web browser (like Firefox or Internet Explorer) to accept it. Generally singing certificates of major certificate authorities are distributed together with web browsers which means they can verify certificates that signed by them. This certificates may cost from free to $1500 or more a year. Some organizations runs their own certificates authority as well which used in preparing the HTTPS connection.
0 comments:
Post a Comment