HTTPS for the masses
A lot of traffic we send over the Internet tubes is not encrypted. This means that anyone can intercept our data and read it without us even knowing. There are some websites where this is absolutely not permissible, such as banking websites, or websites dealing with personal information. These websites encrypt their communication with their visitors over SSL, which is called HTTP with SSL, or HTTPS for short. You might have seen this in your browser in the address bar.
While HTTPS has been around from the early days of Internet, it has not been very commonly used due to the cost and infrastructure setup. Most websites don’t even need it, or think they don’t.
All that is changing now. HTTP/2, the newer standard of HTTP known for its performance works only with SSL in almost all browsers. Other features like service workers do not work without SSL either.
In the session, you will learn:
- The difference between HTTP and HTTPS.
- How does SSL work? We will touch on a bit of public key encryption to understand this clearly.
- Why do we need signed certificates?
- How do we get a signed certificate?
- How to use self-signed certificates for local development?
- We’ll see a demo of letsencrypt and its API to sign certificates and deploy them on a website.
- How to use modules like securepages to enable HTTPS on Drupal installations.