HTTPS

HTTPS (HTTP Secure) is an encrypted version of the HTTP protocol. It usually uses SSL or TLS to encrypt all communication between a client and a server. This secure connection allows clients to safely exchange sensitive data with a server, for example for banking activities or online shopping.

Setting up and maintaining HTTPS can be easy or hard, depending on how much of the configuration is transferred to a third party. For example, setting up HTTPS in case you control the infrastructure, OS, and applications running on it is a lot more involved than simply deploying your application at a cloud provider who takes care of the infrastructure and HTTPS configuration for you. This chapter will guide you along the steps you need to take in case you control everything.

For those who after reading this chapter wish to take a deeper dive into HTTPS, the following read is recommended: https://english.ncsc.nl/publications/publications/2019/juni/01/it-security-guidelines-for-transport-layer-security-tls

Some parts of this page are based on HTTPS by Mozilla Contributors, which is licensed under CC-BY-SA 2.5.