What is HTTPS?
HTTPS is an encrypted protocol that secures communication between computers. Because of this, a person eavesdropping on the communication between the browser and the server cannot read the messages; they only know that the communication is taking place. You can tell whether communication in the browser is encrypted from the website address: it begins with "https://" or shows a lock icon to the left of the address bar. Currently, most of the communication generated by browsers uses HTTPS, and unencrypted pages are increasingly rare.
This protocol primarily secures communication between computers. Importantly, the padlock icon in the browser does not mean that the computer is completely secure. The use of HTTPS only means that a person eavesdropping on the communication will not be able to decode it. Every personal message, every piece of personal information and every payment should be sent over an encrypted communication channel. Without this, the website owner risks leaking customer data, which under the current regulations on the protection of personal data may have serious consequences. Google also supports companies that use HTTPS by ranking encrypted websites higher in its search results.
Is an HTTPS encrypted site a site whose identity I can trust?
Everything depends on the issued certificate. The highest level of assurance, with a certificate signed for a specific institution, is found in banking services. After entering the website of a bank such as mbank or pko, you can view security details and certificate details by clicking on the padlock. Each bank is required to use certificates assigned only to that institution, so the certificate information states that the certificate has been issued directly to the given company. These types of certificates are very expensive, and the company applying for them must undergo a verification process. In the vast majority of cases, websites and online stores use lower-level certificates, which do not guarantee the identity of the company. For comparison: pko.pl is a domain that does not belong to the PKO BP bank, and it has no signed certificate; pkobp.pl / ipko.pl are domains officially signed by Bank Polski SA. As you can see, the padlock icon is not a guarantee of identity. However, there is a mechanism built into the browser that does not allow the server with which the browser communicates to be replaced. The certificate of each website is remembered for the entire period of its validity: if we enter a website whose certificate has changed (for example, because the domain owner has changed and the previous owner did not transfer the certificate to the new one), the browser will display an error window asking whether we really want to trust this site.
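The difference between a certificate issued to a verified company and a lower-level one is visible in the certificate's subject. The following is an added example, not part of the original article: it classifies certificates by whether the subject names an organization. The two sample certificates are constructed, and `identity_level` and `fetch_cert` are hypothetical helper names.

```python
import socket
import ssl


def subject_fields(cert):
    """Flatten the 'subject' of an ssl.getpeercert() dict into {field: value}."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}


def identity_level(cert):
    """Classify a certificate by what it asserts about the site operator.

    Returns ("organization", name) when the subject names a verified company,
    or ("domain-only", None) when it only proves control of the domain.
    """
    org = subject_fields(cert).get("organizationName")
    return ("organization", org) if org else ("domain-only", None)


def fetch_cert(host, port=443, timeout=5):
    """Fetch the certificate of a live site (needs network access)."""
    context = ssl.create_default_context()  # validates chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed samples in the structure ssl.getpeercert() returns.
BANK_CERT = {"subject": ((("countryName", "PL"),),
                         (("organizationName", "Example Bank SA"),),
                         (("commonName", "bank.example"),))}
SHOP_CERT = {"subject": ((("commonName", "shop.example"),),)}

if __name__ == "__main__":
    # Both sites would show a padlock; only one certificate names a company.
    for name, cert in (("bank", BANK_CERT), ("shop", SHOP_CERT)):
        print(name, identity_level(cert))
```

To inspect a real site, pass the result of `fetch_cert("your-domain")` to `identity_level`.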
Does the certificate service have to be paid?
No. For several years, services such as Cloudflare have been available that use their own certificate to sign pages, and there is also a mechanism for creating your own certificates, but it requires monthly renewal. Traditional methods of obtaining certificates are also available, but their cost usually exceeds the annual cost of renewing the domain itself.
How does Cloudflare work?
Cloudflare is a service that acts as an intermediary in communication between two computers: the browser and the website server. All communication with the website server must then pass through Cloudflare's servers before reaching the end recipient. This extra step, which seems to lengthen the communication path between nodes, actually brings a lot of benefits:
1. Cloudflare can encrypt a website even when the website server is not certified.
2. All communication is checked for attacks and for automated (machine) reading of the entire page. If increased traffic is detected, Cloudflare can automatically block that traffic or display a captcha test.
3. In the event of a server failure, Cloudflare may, with appropriate communication, display the last remembered versions of the website.
4. For static resources such as jpg and png files, Cloudflare keeps copies on its servers and sends them to clients without contacting the website server. This reduces the resource consumption of the end server.
5. The final IP address of the server is hidden behind the Cloudflare service. This means that attackers will find it harder to reach the server directly, and when we want to change the end server address, the standard 48-hour wait for the propagation of new IP addresses in DNS will not be required.
How To Use Your Free Cloudflare Account:
1. Create a Cloudflare account via https://dash.cloudflare.com/sign-up
2. Log in and go to the domain adding panel. From https://dash.cloudflare.com/ click the "add a Site" button.
3. Enter the fully qualified domain name, without the "www" prefix and without the protocol ("http" or "https"). Click the blue "Add site" button.
4. Cloudflare will inform you about the new nameservers for the domain. In a new tab, open the administration panel of the website where you registered the domain. There, set the nameservers to be identical to those listed on the Cloudflare site.
5. Go back to the tab with the Cloudflare configuration. Confirm the change by pressing the confirm button. Your domain will now be managed by Cloudflare.
6. To confirm that your site traffic is being redirected through Cloudflare, click the "DNS" button in the top menu. Each "A" record should be "proxied". This means that traffic is redirected through Cloudflare servers.
7. Click the "SSL / TLS" tab in the top menu. This is where the encryption of the website is configured. Any setting other than Off means an encrypted connection.
If your server does not have any certificate, select the "Flexible" option.
If your server has its own certificate but it is not registered anywhere (there was a certificate error every time you accessed the website), select the "Full" option.
If you have purchased a paid certificate, select the "Full (strict)" option.
8. Additionally, you can now force all pages to be rewritten to HTTPS. Below the "SSL / TLS" button, select the Edge Certificates tab and enable "Always Use HTTPS".
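The checks from steps 6 to 8 can also be run as a small audit. The following is an added example, not Cloudflare's or Unlimitree's code. It assumes the field names used by Cloudflare's v4 API (`proxied` on DNS records, zone settings `ssl` and `always_use_https`), the sample data is constructed, and `audit_zone` is a hypothetical helper; it also flags AAAA records, which the steps above do not mention.

```python
def audit_zone(dns_records, settings):
    """Return findings for one zone, given Cloudflare-API-shaped data.

    dns_records: list of DNS record objects (type, name, content, proxied).
    settings: list of zone setting objects ({"id": ..., "value": ...}).
    """
    findings = []
    values = {s["id"]: s["value"] for s in settings}

    # Step 6: address records that are not proxied bypass Cloudflare
    # and publish the origin server's IP address.
    for rec in dns_records:
        if rec["type"] in ("A", "AAAA") and not rec.get("proxied", False):
            findings.append(f"{rec['name']} ({rec['type']}) is not proxied: "
                            f"origin {rec['content']} is exposed")

    # Step 7: what each SSL/TLS mode leaves unprotected.
    mode = values.get("ssl", "off")
    if mode == "off":
        findings.append("ssl=off: visitors are served over plain HTTP")
    elif mode == "flexible":
        findings.append("ssl=flexible: Cloudflare-to-origin leg is unencrypted")
    elif mode == "full":
        findings.append("ssl=full: origin certificate is not validated")

    # Step 8: without the redirect, http:// URLs stay unencrypted.
    if values.get("always_use_https", "off") != "on":
        findings.append("always_use_https is off: HTTP is not redirected")
    return findings


# Constructed sample data (documentation domain and IP range).
SAMPLE_DNS = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "A", "name": "mail.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "TXT", "name": "example.com", "content": "v=spf1 -all", "proxied": False},
]
SAMPLE_SETTINGS = [{"id": "ssl", "value": "flexible"},
                   {"id": "always_use_https", "value": "off"}]

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_DNS, SAMPLE_SETTINGS):
        print("-", finding)
```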
The settings can now be managed via the Unlimitree API. Based on access to the Cloudflare API, it can automatically manage domains, subdomains and email configuration using this service. We highly recommend using services such as Cloudflare: a secure internet is an internet that more customers will want to use.
Are there other services like Cloudflare?
Yes, but no other company has such an extensive network of servers. Competitive services include:
Azure CDN
Amazon CloudFront
Google Cloud CDN
This is not a complete list, and not all of these services offer the same functionality as Cloudflare.