3 min to read

Understanding HTTP and HTTPS Protocols

A comprehensive guide to HTTP, HTTPS, and SSL/TLS implementation

Featured image


Overview

HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure) are protocols for transmitting data over the internet. Let’s explore their differences and implementation.


HTTP (Hypertext Transfer Protocol)

HTTP


Concept
  • Protocol defining data transfer between web browsers and servers
  • Supports HTML, images, video, audio, and other content types
  • Transmitted as unencrypted text (security vulnerable)
Working Process
  • Client sends HTTP request message:
    • Contains HTTP method (GET, POST, PUT, DELETE)
    • Includes request URI
  • Server processes request and sends response:
    • Contains status code (200, 404, 500)
    • Includes response body
  • Client interprets response:
    • Processes received data
    • Makes additional requests if needed
Key Characteristics
  • Stateless protocol
  • No storage of previous requests/responses
  • Uses cookies/sessions for state management


🔒 HTTPS (Hypertext Transfer Protocol Secure)

HTTPS


Concept
  • Secure version of HTTP
  • Uses SSL/TLS for encryption
  • Verifies server identity through certificates
  • Protects sensitive information
  • Prevents man-in-the-middle attacks
SSL/TLS Overview
  • SSL: Developed by Netscape (1995)
  • TLS: Successor to SSL (1999)
  • Uses public key encryption
  • TLS recommended over SSL for security
  • Essential component of HTTPS
Working Process
  • Client connects to HTTPS server
  • Client requests server's public key
  • Server sends SSL/TLS certificate
  • Client verifies certificate
  • Client generates session key
  • Client encrypts session key with server's public key
  • Server decrypts session key
  • Secure communication begins


📊 HTTPS Working Process Flowchart

graph TD; A[Client connects to HTTPS server] --> B[Client requests server's public key]; B --> C[Server sends SSL/TLS certificate]; C --> D[Client verifies certificate]; D --> E[Client generates session key]; E --> F[Client encrypts session key with server's public key]; F --> G[Server decrypts session key]; G --> H[Secure communication begins];


Implementation Guide: Apache SSL/HTTPS Certificate

1. Install OpenSSL and Enable SSL Module

# Install OpenSSL
sudo yum -y install openssl

# Verify installation
rpm -qa |grep openssl

# Install mod_ssl
yum install mod_ssl

# Check mod_ssl.so
cd /etc/httpd/modules/
ls mod_ssl*

2. Generate Private Key

openssl genrsa -des3 -out server.key 2048

3. Create Certificate Signing Request

openssl req -new -key server.key -out server.csr

# Required information:
Country Name: KR
State: Seoul
Locality: city
Organization: company
Unit: section
Common Name: somaz
Email: somaz@gmail.com

4. Remove Password from Private Key (Optional)

cp server.key server.key.origin
openssl rsa -in server.key.origin -out server.key

5. Generate Certificate

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

6. Copy Certificates

cp server.key /etc/httpd/conf/
cp server.crt /etc/httpd/conf/


Reference