HyperText Transfer Protocol Secure, also known as HTTPS, is an extension of HTTP, the acronym for Hypertext Transfer Protocol.
But what is a protocol in the first place? Well, it's nothing more than a set of rules which tell Internet-connected devices how to communicate with each other.
HTTP uses Transmission Control Protocol (TCP) to connect clients (web browsers, etc.) to the desired servers. The client will send a message to the target HTTP server, and that server will reply by sending back the requested data.
While TCP has seen some improvements over the years, its core authentication and data transmission mechanisms haven't changed in decades. The protocol continues to work, but it's not secure enough in a world in which more than 50% of people use the Internet to purchase all sorts of goods and services. If a site uses HTTP, it isn't required to use an SSL certificate; however, secure sites hosted on HTTPS-enabled servers must use SSL certificates, which are signed by authorized companies called Certificate Authorities, or CAs.
With HTTP, the data that's sent back and forth between servers and Internet clients travels across the world wide web in its plain, unencrypted form. This means that any hacker who is able to intercept that data stream can see its content, getting access to credit card information, various account passwords, and so on.
HTTPS is an advanced, secured version of HTTP. It encrypts all the data that's transferred between a secure server and a client (an Internet browser, for example) by making use of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. SSL/TLS allows people to transmit sensitive information, such as online banking data, without fearing that it may fall into the wrong hands.
HTTPS sites use the same TCP protocol that's utilized in conjunction with HTTP to send and receive data on the web, but they make use of a different port. Servers can use either TLS or SSL to encrypt their messages and responses.
An SSL certificate helps create a secure connection from source to destination, and Internet browsers will usually display green padlocks to highlight secure, HTTPS-based connections. Secure Sockets Layer certificates use two keys, with one of them being public, and the other one private.
The public key is shared with web clients through the SSL certificate. The private key is in fact a text file which shouldn't be shared with anyone; its role is to store the site's unique digital signature, thus preventing other people from impersonating the owner.
CAs will generate all the needed certificate files, including all the required data structures and the public key; the private key, which authenticates the website to all its Internet users, will be generated anytime the certificate owner issues a Certificate Signing Request (CSR).
Once the website owner receives the SSL certificate and installs it on the server that hosts their site, web browsers will check the organization that digitally signed it against a list of trusted CAs. If a match is found, the site is deemed to be safe, because the CA that has issued the SSL certificate is trustworthy.
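The CSR, signing and trusted-list check described above can be reproduced locally with the openssl command-line tool. This is an added example, not part of the original page; both test CAs and the site name www.example.test are constructed, and the certificate is accepted only when its issuer is in the list the client trusts.

```shell
#!/bin/sh
# Added example. All names (CAs, www.example.test) are constructed for illustration.
set -e
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT

# Minimal config so each test CA certificate is explicitly marked as a CA.
cat > "$work/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

make_ca() {  # $1 = file prefix, $2 = CA common name (self-signed root, valid 1 day)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$work/ca.cnf" \
    -subj "/CN=$2" -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

check_trust() {  # $1 = the client's trusted CA list, $2 = certificate presented by the site
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo trusted; else echo untrusted; fi
}

key_matches_cert() {  # $1 = private key, $2 = certificate
  a=$(openssl pkey -in "$1" -pubout)
  b=$(openssl x509 -in "$2" -noout -pubkey)
  if [ "$a" = "$b" ]; then echo match; else echo mismatch; fi
}

make_ca trusted_ca "Constructed Trusted CA"   # in the client's trust list
make_ca other_ca "Constructed Other CA"       # not the issuer of the site certificate

# Site owner: the private key is created together with the CSR and stays on the server.
openssl req -new -newkey rsa:2048 -nodes -config "$work/ca.cnf" -subj "/CN=www.example.test" \
  -keyout "$work/site.key" -out "$work/site.csr" 2>/dev/null

# CA: signs the public key carried in the CSR, producing the certificate.
openssl x509 -req -in "$work/site.csr" -CA "$work/trusted_ca.crt" -CAkey "$work/trusted_ca.key" \
  -CAcreateserial -days 1 -out "$work/site.crt" 2>/dev/null

echo "issuer in trust list:     $(check_trust "$work/trusted_ca.crt" "$work/site.crt")"
echo "issuer not in trust list: $(check_trust "$work/other_ca.crt" "$work/site.crt")"
echo "site key vs certificate:  $(key_matches_cert "$work/site.key" "$work/site.crt")"
```

The last check also shows that the public key inside the certificate is the counterpart of the private key that never left the site owner's machine.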