HTTPS is HTTPS over SSL or TLS or simply speaking - secure and encrypted option for HTTP protocol. You might want to set this up mainly for:
- secure webshop operation so that all the information such as passwords, credit card details etc. between the end user and server is enrypted
- REST API connection using OAuth protocol that is possible only over HTTPS as login tokens are sent in the HTTP requests and thus are sensitive
Encryption is provided using a pair of two keys - private and public keys. These keys can be signed or approved by a Certification Authority such as Global Sign, Comodo, Verisign or others ensuring that the end user will be able to make sure that the server or website is actually who they say they are. This is usually a fairly expensive service, but there are also free alternatives although not as convenient:
- using letsencrypt.com free service
- issuing a self signed certificate which is good enough if you wish to create HTTPS connection only for known parties such as your server and a known third party e.g. REST API resource consumer
Step-by-step guide
Related articles