1) What are the major differences between HTTP and HTTPS ?

2) Is it true that HTTP uses private encryption and HTTPS uses public and private key encryption ?

3) How is HTTPS is more secure than HTTP, since HTTPS suppose to prevent hacking when the data is being transfer from the client to the server ?

4) How do you set up an Apache web server to run HTTPS ?

1) encryption

2) no

3) https is more secure because it encrypts the data being trasnmitted over the wire, therefore making it (nearly) impossible for someone to see whats being transmitted, http however does not, and information sent over the wire is sent in 'cleartext' making it possible for anyone sitting inbetween the 2 transmitting nodes to 'sniff' the stream and potentially read everything your doing

4) I wouldnt recommend running EVERYTHING via https as it is slightly slower than http, only encrypt the data which you wouldnt want other people to see (customer cc numbers etc.) but if you want a guide check out http://www.ibiblio.org/pub/Linux/doc...che+SSL+PHP+fp

http is unencrypted traffic between client and web server. There is less overhead on HTTP packets than HTTPS. HTTPS is encrypted.

HTTP uses no encryption to speak of. Anyone who intercepts the packets can see any and all data. HTTPS does use asymmetric encryption to validate that the communications are travelling between the same two entities and thru an SSL "tunnel". Packets grabbed will be garbled.

see above

ssl.conf file

You said "http is unencrypted traffic between client and web server."

1) If a web site were using HTTP, then user account and password and what is purchase and for how much is encrypted and is sent over the internet along with unencrypted information (such as font color, font size and so forth). Am I right ?

2) When I visited a site that uses HTTPS, it would say https://www.abc_sell.com . Is this correct ?

3) When I purchased something over the internet, or conduct banking transaction over the internet, do they always use HTTPS or do they use HTTP with only sensitive information encrypted ?

4) What is the difference between HTTPS and SSL ?

5) Does HTTPS uses just private key encryption or a combination of public-private key encryption ?

If a site is HTTP, any info you send is in clear text, user names, passwords, everything.

Correct, HTTPS denotes the use of SSL tunnel (Secure Socket Layer)

If you notice when on a banking site or making a purchase, the base site is HTTP but when you are to go to make a purchase or login to your account it switches to HTTPS.

HTTPS denotes the use of the Secure Socket Layer (SSL) generally on port 443. Consider that a "tunnel" between browser and web server, like a VPN.

The second layer of trust is established via the use of cerificates. The web server uses a certificate that the browser trusts. All communications between the two are considered valid and trusted.

To learn more about encryption, check out my page:

Crypto for the masses

Pub/Priv or asymmetric with a root auth certificate on the web server.

If you want to set Apache up to only listen for HTTPS requests, first set it up to work with HTTPS (generate certificate, modify ssl.conf etc.) then in httpd.conf, comment the line that says

Listen 80

then if you nc 127.0.0.1 80 it should refuse the connection, but nc 127.0.0.1 443 should let you in, though it won't understand an HTTP request.

HTH

B.