What HTTPS is and why you should know about it

I know people would think that this article is only relevant for web designers or coders etc, but I strongly disagree because it’s actually not. I believe that at some point everyone will need to build their online presence (whether as a startup, business or individual) so whether you’re going to build it yourself, or hire someone to, you will need this information.

Now you might be wondering why on earth you need to know if you’re going to hire. Well, not to sound paranoid or anything but people do capitalise on ignorance. Before purchasing any particular product or using a service, you need to have substantial knowledge on it so that you’re not cheated – ask anyone who’s bought a second hand phone or car from some not-so-orthodox source.

Besides, this information will not just help you build a secured site (if need be), but it will also help you pay attention as to which sites you can trust especially when entering sensitive information such as when logging in or purchasing items online. Initially, there wasn’t a lot of e-commerce going on in Zim, but now thanks to the increased internet penetration and of course the introduction of the ecocash debit card e-commerce is becoming a thing. Therefore, whether you are the retailer or the buyer you need to start paying attention to such.

Added to that, having https will optimise your online presence as Google considers this as a ranking factor in the ranking of a site in its search results.  Visitors to your site will also prefer using a site that makes them feel secure when transacting, than one that doesn’t.

For starters, Hyper Text Transfer Protocol (http) is the method by which data is moved around the Web (you can check it out on your browser bar). http is fast and good to use unless of course you now need people to enter their personal/sensitive information such as email addresses, passwords, and payment details etc. because then, you’d need the secure version of http which is https (s standing for secure). https is secured by an SSL (Secure Socket Layer)  certificate which contains both public and private encryption keys that are long strings of alphanumeric characters used to encrypt data in a way that’s very hard to crack thus making it ideal for protecting sensitive data.

Also, https prevents censors from seeing which page on a website a user is viewing, leaving them (the censors) with only two choices that is to either block the whole site which isn’t really practical or simply allow access to all pages. See why as a Zimbabwean it’s important to have https?! – it’s probably an inside joke.

In order to get the SSL required to get https, the website host needs to have its own dedicated IP address hence the first step is to ensure that your website has its own dedicated IP address. Thereafter, you can buy the SSL certificate, activate it and install it. From there, you then can update your site to use https.

Well, that’s the simplified version of it but to be frank, it might prove to be less simple in practical because you might need to go through the process of choosing the appropriate SSL package for your site from what the SSL certificate vendors or hosting companies are offering (depending on where you buy your SSL certificate). Also, the fact that moving your site from http to https might just require more tech expertise than what most people ordinarily have.

Another thing to note is how to spot a secured site. So besides the secure https that appears on the site’s url, another way of spotting a secure site is by checking out the padlock symbol on the browser bar or looking out for the green colour to appear on the browser bar. However, some sites will just have the whole website as https while others will then redirect you to a more secured page if you need to be entering any personal/sensitive information so just be on the look-out particularly if you’re using the site for the first time.

,

5 comments

  1. Beaton Nyamapanda

    Good article. However a few points to consider:

    Ever heard of LetsEncrypt (https://letsencrypt.org/)?

    A few of your paragraphs might need to be modified if you read more about it. I have over 40 websites running over 3 servers and all of them have SSL which I go for free and with no need for a dedicated IP address of need to buy anything.

    Whilst on the issue of censorship, companies generally have the ability to add trusted root certificates and then reissue certificates for your browsing sessions meaning despite it being a secured session, they can see all the traffic that originated and went to your computer. This is also something that Antiviruses do to filter and protect your machine despite the existence of secured traffic. Just another small side note you could have added.

    Also not sure if your article was targeted towards web masters or the general public.

    1. tinonetic
  2. tinonetic

    It’s not true that you need a dedicated IP to have an SSL certificate assigned to your domain. In your typical shared hosting scenario, used by most hobbyists or DIY website owners, each domain hosted can have its own SSL certificate through the Server Name Indication (SNI) protocol.

    An ideal scenario would be to have a dedicated IP but it is not a limitation.

  3. help

    “Visitors to your site will also prefer using a site that makes them feel secure when transacting, than one that doesn’t.” Terrible engrish! Maybe this would work: “Visitors to your site will also prefer using a site that makes them feel secure when transacting, as opposed to that doesn’t”

    1. help

      “Visitors to your site will also prefer using a site that makes them feel secure when transacting, as opposed to one that doesn’t” that’s better, left out the “one”

2023 © Techzim All rights reserved. Hosted By Cloud Unboxed

Exit mobile version