What is the difference between http and https in programming?

1). Websites using the HTTPS protocol use a certificate, issued by a trusted third party (or a “certificate authority”), which contains a public key (see: Public Key Infrastructure). The public key is paired with a private key, and information encrypted with the private key can only be decrypted with the public key. This is used to confirm that the server is the holder of the private key (and is therefore the entity certified by the certificate authority). To use the HTTPS protocol, you must either generate or buy a certificate. It is more common to buy certificates rather than generate them, for various reasons.

2). HTTPS communication is encrypted. The keys associated with the certificate don’t do the encrypting, instead the browser and server use a scheme such as Diffie-Hellman Exchange to make a key that is used in encrypting communications. This is important, because anyone with the public key can decrypt things encrypted with the private key.

3). Information sent from the browser is encrypted by the browser and decrypted by the server. Your web server software will decrypt the information; the information received will appear no different from standard HTTP traffic.

4). Yes, you can force HTTPS. You can do this either through your server software (e.g. RewriteRule in Apache, with a RewriteCond checking for HTTPS), or through HSTS, which involves sending a specific header. If you send an HSTS header in a browser supporting HSTS, the browser will automatically redirect from HTTP to HTTPS (see: HTTP Strict Transport Security).