Menu
I use a HTTPS connection without a valid SSL certificate. Is the connection safe? Is the information encrypted?
323
You CAN'T use https without any certificate. You need either to buy a trusted certificate or create a self-signed one for testing. Part of configuring your web server to use https is to point it to the correct key files.
If you don't have an SSL certificate, your website may still function as always, but it will be vulnerable to hackers and Google will warn visitors that your website is not secure. Google also gives priority to websites that have an SSL certificate.
Technically speaking, HTTPS is not a separate protocol from HTTP. It is simply using TLS/SSL encryption over the HTTP protocol. HTTPS occurs based upon the transmission of TLS/SSL certificates, which verify that a particular provider is who they say they are.
SSL is a secure protocol that provides safer conversations between two or more parties across the internet. It works on top of the HTTP to provide security. In terms of security, SSL is more secure than HTTPS.
The connection is encrypted even if the SSL certificate isn't valid (expired, snake-oil, untrusted CA, etc.). The SSL certificate validation just makes sure you're connecting to the folks you think you're connecting to. Encryption doesn't do you any good if the folks decrypting your data are crackers instead of PayPal.
186
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
