The S in HTTPS stands for secure. It means HTTP over SSL (Secure Sockets Layer).
- The browser requests a secure page from the server
- The server responds with its public key with its SSL certificate which is digitally signed by a third party CA (Certificate Authority).
- The browser contacts the CA to make sure the certificate is valid. Browsers typically store many CA's public keys.
- The browser creates a symmetric key or shared secret. It encrypts it with the server's public key and sends it to the server.
- The server uses its private key to decrypt the shared key.