How HTTPS Works
Short answer
HTTPS is HTTP + encryption. When you see the padlock in the address bar, it means everything you send and receive is encrypted. Neither your ISP nor a hacker at a coffee shop can read your data.
How a connection is established
Step 1: You enter the URL
The browser sends a request for an HTTPS connection
Two types of encryption
HTTPS uses both:
Asymmetric (public + private key) — like a mailbox. Anyone can drop in a letter (encrypt with the public key), but only the owner can retrieve it (with the private key). Used at the start to safely exchange the secret key.
Symmetric (one shared key) — like a shared safe password. Fast, but you need to securely exchange the key first. Used to encrypt all data after the connection is established.
What the certificate does
The certificate answers the question: “Is this really the site it claims to be, or a fake?”
- Issued by a special organization (Certificate Authority)
- Contains the site’s name and its public key
- The browser checks: is the certificate genuine? Not expired? Does it match the address?
- If something’s wrong — you’ll see a “Connection is not secure” warning
HTTP vs HTTPS
| | HTTP | HTTPS |
|---|---|---|
| Encryption | No | Yes |
| Traffic visible | Yes, to everyone along the way | No |
| Padlock in browser | No | Yes |
| Passwords & cards | Dangerous | Secure |
Remember
HTTPS is an envelope for your data. Without it, you’re sending a postcard that any mail carrier can read along the way. With it — a sealed letter that only the recipient can open.