An SSL certificate is a server digital certificate that conforms to the SSL (Secure Sockets Layer) protocol. The SSL protocol was originally developed by Netscape Communications in the U.S. Its full name is Secure Sockets Layer. It specifies a layered mechanism to ensure data security between application protocols (such as HTTP, Telnet and FTP) and TCP/IP. It is a security protocol implemented on the transmission communication protocol (TCP/IP) and utilizes public key technology to provide data encryption, server authentication, message integrity and optional client machine authentication for TCP/IP connections. As this protocol could solve the problem of insecure plain text transmission over the Internet, it soon won industry-wide support and has now become an international standard. The SSL certificate is issued after a “trusted root certificate authority” in the browser verifies the server identity, and implements website identity authentication and encrypted transmission.
HTTP is a transmission protocol that has been in use for a long time. Data transmitted by the HTTP protocol is unencrypted, which means that passwords, accounts, transaction records and other confidential information provided by users are in plain text and may be compromised, stolen, tampered with or exploited by hackers at any time, making the HTTP protocol quite insecure for transmitting private information.
HTTPS is an SSL-based website encrypted transmission protocol. After the SSL certificate is installed on a website, access abiding by the HTTPS encrypted protocol can activate the “SSL Encrypted Channel” (SSL protocol) between the client browser and the website server, enabling encrypted transmission to prevent transmitted data from being compromised or tampered with. In simple terms, HTTPS is equivalent to HTTP + SSL and is an enhanced secure version of HTTP.