I had never used https on a site and now want to try it. I did some research, but I am not sure that I understood everything. Answers and corrections are greatly appreciated.
Here we go:
- To use https I need to generate ‘private’ and ‘public’ keys for the web server I use. In my case it’s Apache (manual: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html)
- The https protocol should be bound to port 443.
  Q: How to do it? Is it done by default? Where can I check the configuration?
- Applying https.
  Q: If I see https in the browser, does it mean that the data traffic on the page IS encrypted? Any form on the page would submit data via https?
- Though all the data is gonna be encrypted, the browsers would still show ugly red messages. This is just because they do not know anything about my certificate. They have about a hundred certificates pre-installed but mine is not one of them, obviously. But the data IS encrypted by https.
- If I want browsers to recognize my certificate, I would need to have it signed by one of the certification authorities (CA) that has its certificate pre-installed (e.g. thawte, geotrust, rapidssl etc).
UPD: To read about SSL/TLS: The First Few Milliseconds of an HTTPS Connection, I found it very informative. PHP code examples of how to make use of SSL/TLS cryptography on the server side are published here.
Best Answer
Answers (kind of):
I hope that helps. I know that many of the things I wrote may not be precise enough, but I don't know how broad your current knowledge on the subject is.
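Added example, not part of the original question or answer: a form on an https page is submitted encrypted only if its action URL, resolved against the page URL, is itself https. The Python sketch below audits a page's forms that way; the `shop.example` URLs and the sample HTML are constructed, and it assumes the page has no `<base href>` element.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect the action and method of every <form> in a document."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            # A missing or empty action submits to the page's own URL.
            self.forms.append((a.get("action") or "",
                               (a.get("method") or "get").lower()))


def audit_forms(page_url, html):
    """Return (action, resolved_url, method, encrypted) for each form."""
    collector = FormCollector()
    collector.feed(html)
    results = []
    for action, method in collector.forms:
        # Browsers resolve the action against the page URL, so relative
        # actions inherit the page's scheme; absolute ones do not.
        resolved = urljoin(page_url, action)
        encrypted = urlsplit(resolved).scheme == "https"
        results.append((action, resolved, method, encrypted))
    return results


# Constructed sample page, served from a hypothetical https://shop.example/
SAMPLE_URL = "https://shop.example/account/login.php"
SAMPLE_HTML = """
<form action="check.php" method="post"></form>
<form action="/search"></form>
<form method="post"></form>
<form action="http://shop.example/newsletter.php" method="post"></form>
<form action="//cdn.example/vote" method="post"></form>
"""

if __name__ == "__main__":
    for action, resolved, method, ok in audit_forms(SAMPLE_URL, SAMPLE_HTML):
        flag = "OK  " if ok else "LEAK"
        print(f"{flag} {method.upper():4} {action!r} -> {resolved}")
```

Only the fourth form, with its absolute `http://` action, would send its fields unencrypted; the same audit run against an `http://` page URL flags every relative action.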