Where's Waldo's SSL certificate?

According to the HTTP standards, there are strict rules governing how clients and servers interact. Nothing in those standards, though, says that communication on either end needs to be encrypted.

Even if the protocol doesn't demand encryption, Sara does. To keep people like Sara from leaving, Waldo can encrypt his website, or parts of it, if he wants. He can use an SSL Certificate, just the way Sara and Rajiv did.

If Waldo uses an SSL Certificate to encrypt his website, the address that will show up in the browser bar will say https://www.waldossite.com. The HTTPS stands for HyperText Transfer Protocol Secure.

Now that he has an SSL certificate, the https: at the beginning of Waldo's website address tells the visitor that the information that the visitor enters on the website is securely encrypted. No one else can read the confidential information on it.

It's a good practice to check a website's certificate, just in case you've landed at a spoof website, sometimes called a "phishing" site. Click on the padlock. Your browser will show you the name of the owner of the certificate. It should match the name of the website.

And if Waldo uses a special SSL certificate called an EV SSL Certificate, then his browser will recognize the certificate and turn the address bar green, another signal to Sara that Waldo's is a safe website.

Congratulations! You now know more about HTTP, HTTPS and SSL certificates than most Internet users! This will help you protect yourself when you browse on the Internet.

Coming up:

  • How well do you understand HTTP, HTTPS and SSL? Quiz yourself.
  • Advanced HTTP, HTTPS and SSL for webmasters and web servers.