The HTTPS protocol is the HTTP protocol secured by an SSL/TLS connection. It should be used for when usernames and passwords (as well as any other sensitive data) is sent via HTTP. A server certificate is required for HTTPS, and one is generated on installation and can be modified via Settings->FTP/FTPS->Advanced FTP/FTPS Settings->Security Settings. The default certificate does not have your hostname, and so browsers will raise a warning when the site is navigated to using HTTPS. A certificate authority (CA) must be contacted to purchase a certificate for your domain to remove the browser warning. To do this, a Certificate Signing Request (CSR) must be sent to the CA. See how to generate a CSR for more details.