Understanding HTTP and HTTPS Protocols

A comprehensive guide to HTTP, HTTPS, and SSL/TLS implementation




🎯 Overview

HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure) are protocols for transmitting data over the internet. Let’s explore their differences and implementation.


🌐 HTTP (Hypertext Transfer Protocol)


📝 Concept

- Protocol defining data transfer between web browsers and servers
- Supports HTML, images, video, audio, and other content types
- Transmitted as unencrypted plaintext, so anyone on the network path can read or modify it

⚙️ Working Process

1. Client sends HTTP request message:
   - Contains HTTP method (GET, POST, PUT, DELETE)
   - Includes request URI

2. Server processes request and sends response:
   - Contains status code (200, 404, 500)
   - Includes response body

3. Client interprets response:
   - Processes received data
   - Makes additional requests if needed

🔑 Key Characteristics

- Stateless protocol
- The server keeps no record of previous requests/responses
- State is managed on top of the protocol with cookies/sessions

🔒 HTTPS (Hypertext Transfer Protocol Secure)


📝 Concept

- Secure version of HTTP
- Uses SSL/TLS for encryption
- Verifies server identity through certificates
- Protects sensitive information
- Prevents man-in-the-middle attacks, provided the client validates the server certificate

🛡️ SSL/TLS Overview

- SSL: Developed by Netscape (1995)
- TLS: Successor to SSL (1999)
- Uses public key encryption
- TLS recommended over SSL for security
- Essential component of HTTPS

⚙️ Working Process

1. Client connects to HTTPS server
2. Client requests server's public key
3. Server sends SSL/TLS certificate
4. Client verifies certificate
5. Client generates session key
6. Client encrypts session key with server's public key
7. Server decrypts session key
8. Secure communication begins



📊 HTTPS Working Process Flowchart

graph TD; A[🔗 Client connects to HTTPS server] --> B[🔑 Client requests server's public key]; B --> C[📜 Server sends SSL/TLS certificate]; C --> D[🔍 Client verifies certificate]; D --> E[🛠️ Client generates session key]; E --> F[🔒 Client encrypts session key with server's public key]; F --> G[🔓 Server decrypts session key]; G --> H[🔐 Secure communication begins];



🛠️ Implementation Guide: Apache SSL/HTTPS Certificate

1. Install OpenSSL and Enable SSL Module

# Install OpenSSL
sudo yum -y install openssl

# Verify installation
rpm -qa |grep openssl

# Install mod_ssl
sudo yum -y install mod_ssl

# Check mod_ssl.so
cd /etc/httpd/modules/
ls mod_ssl*

2. Generate Private Key

openssl genrsa -des3 -out server.key 2048

3. Create Certificate Signing Request

openssl req -new -key server.key -out server.csr

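# Required information (answers to the interactive prompts):
#   Country Name: KR
#   State: Seoul
#   Locality: city
#   Organization: company
#   Unit: section
#   Common Name: somaz   (should be the host name clients connect to, i.e. the ServerName in step 7)
#   Email: somaz@gmail.com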

4. Remove Password from Private Key (Optional)

cp server.key server.key.origin
openssl rsa -in server.key.origin -out server.key

5. Generate Certificate

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

6. Copy Certificates

# /etc/httpd/conf is owned by root, so the copy needs sudo
sudo cp server.key /etc/httpd/conf/
sudo cp server.crt /etc/httpd/conf/

7. Configure Apache

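# /etc/httpd/conf.d/ssl.conf
Listen 443 https

# SSLStaplingCache is only valid in the global server context, not inside <VirtualHost>
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

<VirtualHost *:443>
    ServerName www.somaz.com
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/server.key
    # The intermediate chain applies only to a CA-issued certificate;
    # omit this line for the self-signed certificate generated in step 5
    SSLCertificateChainFile /path/to/intermediate.crt

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    DocumentRoot /var/www/html

    SSLCompression off
    SSLSessionTickets off
    # OCSP stapling requires a CA-issued certificate with an OCSP responder
    SSLUseStapling on
</VirtualHost>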
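
Steps 2 to 5 can be run without prompts and the result checked before Apache is pointed at the files. The script below is an added example, not part of the original guide: it generates the key, CSR and self-signed certificate in a temporary directory, then confirms that the certificate carries the private key's public key and that it is self-signed. The function names, the temporary directory and the use of www.somaz.com as the Common Name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. The temp directory, function
# names and subject values are constructed for illustration.
set -eu

# Steps 2-5 without prompts. The key is written unencrypted, which is the
# state step 4 leaves it in.  $1 = output directory, $2 = Common Name
make_self_signed() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null
    openssl req -new -batch -key "$1/server.key" -out "$1/server.csr" \
        -subj "/C=KR/ST=Seoul/L=city/O=company/OU=section/CN=$2"
    openssl x509 -req -days 3650 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# SHA-256 of a PEM public key read from stdin.
pub_digest() { openssl dgst -sha256 | awk '{print $NF}'; }

# Digest of the public key derived from a private key file.
key_pub_digest() {
    _pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$_pub" | pub_digest
}

# Digest of the public key embedded in a certificate file.
cert_pub_digest() {
    _pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$_pub" | pub_digest
}

# Succeeds only when the certificate carries this private key's public key.
key_matches_cert() {
    _k=$(key_pub_digest "$1") || return 1
    _c=$(cert_pub_digest "$2") || return 1
    [ "$_k" = "$_c" ]
}

# Succeeds when subject equals issuer, i.e. the certificate is self-signed.
is_self_signed() {
    _s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    _i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$_s" ] && [ "$_s" = "$_i" ]
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_self_signed "$work" www.somaz.com
key_matches_cert "$work/server.key" "$work/server.crt" && echo "key matches certificate"
is_self_signed "$work/server.crt" && echo "self-signed: no intermediate chain, no OCSP stapling"
```

A mismatch between `SSLCertificateFile` and `SSLCertificateKeyFile` stops Apache from starting, so running `key_matches_cert` against the installed files before a restart catches it early.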


