HTTP, Hypertext Transfer Protocol

[Alex]

Most of you have noticed that almost every script just tests HTTP issues. I think it would be good to go over all issues on HTTPS. It has been found that in many cases the HTTP server and the HTTPS server replies in an unusual way.

What do you think about this?

[kev woodman]

What do you mean? What unusual replies do you get via HTTP or HTTPS?

[harry]

Alex, you mean to say about the difference in loading time, then its true. Generally for https pages it takes more time.

While using https try to avoid each page request for SSL as this may makes you pages slower to load and may use more bandwidth.

[kev woodman]

If you're talking about performance then Harry is right - you take a hit on HTTPS transfers because the data is encrypted.

[sanderson]

I too don't see any issues with http or https other than the performance. However you must not replace https with http, as in https all the data is encrypted. it helps you to maintain the secure environment. It is most essential for finance, banking and defense sectors.

[harry]

I don't think anyone would ever replace https to just http. Why should one ?
You know you have to pay certain amount to get SSl certificate for https.

[kev woodman]

You wold normally use http because you take a performance hit with https, however anything you send via http is unencrypted so there is a small chance that someone could use a packet sniffer to intercept your traffic. You don't need to have a certificate to use https but you probably wouldn't use it for an entire site unless you had some particular reason to do so.

[paul]

I agree with kev, you should have particular reason to use https, especially encryption is must if you have "ecommerce site" ( it has highest intrusion rates ) as you need to keep your session encrypted to send private information of your clients.

[kev woodman]

Absolutely, although even then I'd probably aim to deliver a mixture of http and https pages.

[paul]

Yep, I got your point, even paypal & amazon and many other trusted sites follow that.

[harry]

Quote:

Originally Posted by kev woodman

You don't need to have a certificate to use https

Kev, You have to buy a SSL certificate to enable your https service.
Some host provide it free ( shared SSL ) or you may have a private copy by buying dedicated SSL certificate.

[kev woodman]

Sorry Harry, you are of course right. I should have been clearer.

[karimali831]

Something I want to know, stupid question but can I get SSL (https://) with my domain registrar or web host? Or does it depend on one another, or both?

[harry]

Quote:

Originally Posted by karimali831

Something I want to know, stupid question but can I get SSL (https://) with my domain registrar or web host? Or does it depend on one another, or both?

You can get SSL cert even from domain registrar if they provide so
Webhosting UK do provide SSL (Comodo) for £3.99 / Month.
Even you can buy SSL from other providers some of them are Geotrust, Verisign, Thawrte, Rapidssl and others, usually they won’t send the certificate before verification.

[karimali831]

But if your with another host, some host won't allow you to have SSL with other third parties, is this true? Or can I always get an SSL Cert even if my domain is with webhosting.uk.com and even if a webhost says that that I still can't get it?

My domain is hosted with webhosting.uk.com, how do I get a SSL Cert?