There are many versions of online inquiries, here is a summary:
1. As far as the transmission protocol and port are concerned, http is the HTTP protocol running on top of TCP, and the port is 80; https is HTTP running on the SSL/TLS, SSL/TLS running on the TCP, and the port used is 443.
2. As far as transmission content and identity authentication are concerned, the content transmitted by http is in plain text, and neither the client nor the server can verify the identity of the other party. The content transmitted by https is encrypted, and the encryption adopts symmetric encryption. But the symmetric encryption key is asymmetrically encrypted with the server's certificate. In addition, the client can verify the identity of the server, and if client authentication is configured, the server can also verify the identity of the client.
3. As far as the website authentication certificate is concerned. The http protocol does not require a CA to apply for a certificate. The https protocol needs to go to the ca to apply for a certificate. Generally, there are few free certificates, so a certain fee is required. This certificate is issued by the CA (certificate authority). Every time the website is linked, the website will first go to the CA to get a certificate, and then send the certificate to the customer to prove the correctness of the website. To add, google's https is issued by a CA of their own company.