HTTPS has gone mainstream and nowadays it's a good practice to serve a website via HTTPS. However, simply installing a TLS/SSL certificate may not be not enough to stay secure. It's important to understand how HTTPS works and how to configure it properly. In this talk we'll take a look at different types of SSL certificates, along with how to obtain a trusted SSL certificate and install it on the most common web servers/PaaS. Finally, we'll discuss the best practices surrounding HTTPS, including the HSTS headers, public key pinning, and common pitfalls such as the mixed security error.