Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How does my browser convert my http request to https?

Friends I want to know for when a secured hosting is done, we require an unique ip address to associate our SSL Certificate to it. Also, I kinda read in one tutorial that when a browser requests for a secured conncetion then all the SSL process initiates. But how does a browser request for a secure connection. Don't we just write www.chase.com? And then our browser converts the http to https? Whats happening in the background?

like image 671
vinayvasyani Avatar asked Oct 07 '10 15:10

vinayvasyani


2 Answers

Step by step (Assuming HSTS header is not active in which it will automatically use https without making a http request):

  1. The client types www.example.com in the address bar
  2. The browser assumes HTTP protocol and sends a GET call to www.example.com
  3. www.example.com responds with a moved status code and gives the new location:

    HTTP/1.1 301 Moved Permanently
    Location: https://www.example.com/

  4. The browser reads that and knows that it must start a Secure HTTPS connection.

  5. ...and so on. This is where things get more complicated because the browser and the server exchange multiple messages until the secure connection is established.

Anyway, if what you need is to install an SSL / TLS certificate you must make sure that your client is redirected from HTTP to HTTPS. That should be accomplished from the server configurations.

like image 62
Alin Purcaru Avatar answered Nov 09 '22 03:11

Alin Purcaru


In your programming code, you evaluate the protocol and redirect using a 301 (server side). This is not done in the browser.

You can do this in ASP.NET in the Global.asax file
I'm not sure about other programming languages (PHP, Ruby, etc). Others can feel free to chime in and edit my answer with more examples if they please.

if(!Request.IsSecureConnection)
{
  string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
  HttpContext.Current.Response.Status = "301 Moved Permanently"; 
  HttpContext.Current.Response.AddHeader("Location", redirectUrl);
}

I think you can do this by default in Apache using .htaccess, but as far as I can tell, if you want to do it in IIS you need to run an asp script or include it in your .net application. I could be wrong, but this is what I've come up against in my trials of this.

like image 26
Chase Florell Avatar answered Nov 09 '22 04:11

Chase Florell