This section describes how Google Chrome shows a lock icon when you visit an 'https' Website to indicate that the communication is secured with data encryption.
As I mentioned earlier in the book, Web browsers play very important roles in using HTTPS
(Hypertext Transfer Protocol Secure) to secure Web communications.
Now let's see how Google Chrome, as a major Web browser, supports HTTPS.
1. Run Google Chrome and go to Yahoo home page at www.yahoo.com.
2. Click "Mail" in the Yahoo side menu.
3. After Google Chrome finishing displaying the login page,
look at the left side of the URL address box. You will
see a lock icon displayed next to the address:
What happened here was:
When the link "Mail" was clicked, Chrome was redirected to use this URL: https://login.yahoo.com/?.src=ym...
Since this is an HTTPS based URL, Chrome requested for the server, login.yahoo.com, to provide the server certificate.
Chrome validated the server certificate and found no issue.
Chrome created a one-time secret key, encrypted with server's public key and delivered to the server.
Server returned the login page document encrypted with the secret key.
Chrome and the server will continue to use this secret key to encrypt any data exchanged between them.
The lock icon at the left side of the URL address indicates that this page is secured with HTTPS.
If you click the lock icon, Chrome will provide you more security related information for this page.
See next sections for more details.