HTTPS Protocol

HTTP (HyperText Transfer Protocol) is the protocol that enables communication between a browser and a web site. The HTTPS protocol secures this communication by means of the TLS (Transport Layer Security) protocol and digital certificates.

When the browser requests an HTTPS connection to a web resource, the web site sends its certificate, which contains the public key needed to begin the secure session, to the browser. During this initial exchange of information, the browser and the website negotiate the encryption to be used (known as the TLS handshake), and then establish a secure, encrypted connection between the browser and the web server.

A secure connection is requested by specifying https:// in the URL of documents or web pages that are protected by a secure connection. When the secure connection is established, a padlock appears in the URL bar.

HTTPS and HTTP are different protocols that use different ports, so it is possible to have both a secure and non-secure connection to the same web server. This is how a web shop allows users to browse and search the site without security, but protects sensitive data when filling out order forms and sending credit card numbers.

Uniface uses the open-source libcurl library (curl.haxx.se/libcurl/) to implement HTTPS transport for web applications and web services. This is used by the UHTTP component (for web applications and RESTful services) and the WSDL import facility and SOAP connector (for SOAP-based web services). For more information, see UHTTP, Importing WSDL Definitions for Web Services, and SOAP Connector.

Uniface applications that need to access HTTPS sites must have the appropriate certificates available. Local certificates must be stored in a ca-bundle.crt file. This file is not delivered as part of the installation, so you need to create it and copy it to the common\usys directory. For more information, see HTTPS Verification for Web Services.

Related Topics