Guard Privacy & Online Security News & Information


January 5, 2009 21:27 - Understanding Web Site Certificates

What Is A Website Certificate?
For an organization to have a secure website, it needs to use encryption with a site, or host, certificate.

With encryption, data transfers remain invisible to would-be malicious hackers, so check whether the site you're visiting uses encryption by looking for either a closed padlock in the status bar at the bottom of your browser window, or "https:" rather than "http:" in the URL.

If a website has a valid certificate, it means that a certificate authority has taken steps to verify that the web address actually belongs to that organization. When you type a URL or follow a link to a secure website, your browser will check the certificate to ensure that...

  • The website address matches the address on the certificate

  • The certificate is signed by a certificate authority that the browser recognizes as a "trusted" authority

Can A Certificate Be Trusted?
If the web address matches the address on the certificate, the certificate is signed by a trusted certificate authority, and the date is valid, you can be more confident that the site you are visiting has a verifiable identity.

Remember, though, that certificate authorities vary in their methods of validation, and by default, your browser contains a list of more than 100 trusted certificate authorities.

How To Check A Certificate?
There are two ways to verify a web site's certificate in Internet Explorer or Mozilla...
  • The first is to click on the padlock in the status bar of your browser window. However, attackers may be able to create malicious web sites that fake a padlock icon and display a false dialog window if you click that icon.
  • A more secure way to find information about the certificate is to look for the certificate menu options. This information may be under the file or the security option within the page information and will inform you - via a dialogue box - who issued the certificate, who the certificate is issued to and the expiration date.

When visiting a web site, you may see a dialog box that claims that there is an error with the site certificate. This may happen if the name the certificate is registered to does not match the site name, or the certificate has expired.

There is usually an option to examine the certificate, and you are given the choice of accepting the certificate forever, for that particular visit only, or not accepting it at all. If you are unsure whether the certificate is valid or unsure about the security of the site, do not submit personal information.

This article is produced by US-CERT.
