HTTPS: What is HTTPS and how to migrate your website ? Today, for webmasters it is impossible to miss the Https. Whatever your level of use of the web (enlightened amateur, exalted Internet user, second-hand blogger or digital professional), you have inevitably been confronted with this protocol for securing websites. If only by seeing these five letters displayed on the far left of the URL address bar on your browser.
You can see that the https protocol is well present on my site! You can click on the padlock to see also that it is well installed on my site
It is very important to take a close look at HTTPS since Google has made it a key criterion of its ranking algorithm via its Chrome browser. In early 2014, the web giant had announced an emphasis on sites protected via the HTTPS protocol. This has encouraged webmasters to migrate their sites to the https protocol and thus secure their connections.
Of course, Google is not the only reason for this massive migration.
Other factors have played a role in this transformation from a wild web to a more civilized web: initiatives making it easier to access HTTPS, appropriate measures taken by other browsers, etc.
However, it is essential to ask three questions: what exactly is HTTPS? And how to organize this migration to HTTPS?
What is the HTTPS protocol?
The HTTP Protocol
The HyperText Transfer Protocol (HTTP) is the most widely used protocol on the Internet since 1990. Version 0.9 was only intended to transfer data over the Internet (especially web pages written in HTML]. Version 1.0 of the protocol (the most widely used) now allows the transfer of messages with headers describing the content of the message using MIME-type coding.
The purpose of the HTTP protocol is to allow the transfer of files (essentially in HTML format) located by means of a character string called URL between a browser (the client) and a Web server (called httpd on UNIX machines).
The main problem with HTTP is that these exchanges are open to everyone, i.e. they are not encrypted and therefore it is easy to retrieve these data. Anyone, technically, can get in the way of the communication and retrieve the information that circulates, like someone listening to a conversation on the phone.
Rest assured, in most cases, it’s not that serious: if you read an article on a newspaper’s website, you’re not exchanging personal data that could be misused. But things become more complicated when you log on to your insurance site: if someone gets their hands on your information (for example, your account number or accesses), the consequences can be serious.
The main flaw of the HTTP protocol is therefore its lack of security. And that’s where HTTPS comes in.
The HTTPS protocol
The HyperText Transfer Protocol Secure (HTTPS) protocol was developed to overcome the security problem posed by HTTP.
HTTPS, in reality, is just an HTTP protocol to which a secure layer called Transport Layer Security (TLS) has been added. This acts as an encryption key that encrypts the data exchanged between the server and the client.
The HTTPS protocol allows to :
- Secure the data that circulates between a website and a browser so that no one can access and misuse it. The information exchanged is encrypted and the encryption key is known only to the server and the client.
- Guarantee the identity of the website consulted, so as to be sure that it is the one whose URL is displayed. This point is essential, since it allows the Internet user to ensure that he or she is surfing on the site of his or her bank, for example, and not on a platform created from scratch to deceive him or her.
The HTTPS protocol uses an SSL (Secure Socket Layer) certificate which enables the TLS security layer to be applied. This electronic certificate is applied to the site to secure data exchanges by encrypting them using an asymmetric encryption key. A site protected by an SSL (or TLS) certificate displays the famous padlock proving that it is secure.
To do this, you must first obtain this certificate: this is what enables you to activate the appropriate protocol. We speak indifferently of SSL or TLS certificates, but it is important to know that the SSL protocol is no longer current since it has been replaced by TLS, a more secure version based on the same principle.
There are several types of SSL certificates that are more or less secure:
- The free SSL certificate (Let’s Encrypt type)
- The Extended Validation Certificate (Extended SSL)
- The Organization Validation Certificate (Organization SSL)
- The Domain Validation Certificate (Domain SSL)
- The multi-domain certificate (WildCard)
These certificates are issued by specific bodies, the Certification Authorities (CA) :
The cost of an encryption certificate can be free of charge but can also be worth several thousand euros. The price varies according to the reliability of the certificate, i.e. the level of verification reached before it is issued: this verification ranges from a simple email sent to the applicant to a multitude of documents to be provided. It also varies according to the CA chosen.
How to migrate your site from HTTP to HTTPS?
The switch from HTTP to HTTPS is similar to a site migration. Concretely, here are the different steps to be carried out for the migration:
- Buy an SSL certificate and install it on your website.
- Modify your internal URLs so that all your resources are served in HTTPS.
- Set up 301 redirects from HTTP URLs to HTTPS URLs. This allows you to maintain the SEO of your pages throughout the migration.
- Make sure that your canonical URLs point to your HTTPS pages. This way, you will have less worries about duplicate URLs.
- Make sure your HTTPS pages are indexable.
- Enable the HSTS (HTTP Strict Transport Security) mechanism to inform the client that interactions will now be done over a secure connection.
Once the migration is complete, I advise you to make several checks to avoid potential problems:
- Throw a crawl to make sure there are no mistakes.
- Create a new Search Console and follow the indexing of the pages in HTTPS, comparing with the old version.
- Check and correct the URLs of the links pointing to your site, so that they are all in HTTPS.
- Update the external plugins of your CMS to make sure they are compatible with the new protocol.
- Modify your settings in Google Analytics so that the platform takes into account pages in HTTPS, especially in order to follow the evolution of traffic.
- Measure the loading times of your HTTPS pages. Migration may be accompanied by a general slowdown due to additional negotiations between server and clien
I hope this article has helped you in your website migration. If you wish to learn more about the subject I invite you to read this book (As an Amazon Partner, I make a profit on qualifying purchases) :