Securing your application with TLS
If you are not encrypting traffic to your web application, you are doing something wrong. In order to protect information while it is in transit between the web browser and your application, it is an absolute necessity to add encryption. The international standard for doing that is known as TLS, which is a protocol for how data can be encrypted between two sources. Often, however, it will be referred to as SSL (which stands for Secure Sockets Layer and is an earlier protocol that TLS replaces) or HTTPS (which stands for HTTP Secure and is technically an implementation of TLS, not TLS itself). Since it is not important for us how it works and we only care that it does what it needs to do, we will use these terms somewhat interchangeably. Therefore, it is safe for you to think about TLS and HTTPS as the same thing.
So, what is it? The simple answer is that you request a pair of keys from some reputable source on the internet. Your next step is to...