In the last 3-4 years there has been a lot of talk about encryption. Today we will discuss whether to trust a websites certificate or not. First let’s discuss what a certificate is for. The purpose of the security certificate is to encrypt the data that is being transmitted both to and from the web server and your computer. This prevents anyone from capturing that data and being able to read your personal information such as user and password. Occasionally you will visit a website that provides a prompt such as:
What this is telling you is that the security certificate is not being used for what the company issued the certificate for. A lot of times, this is due to the certificate being self-signed and issued. This means the certificate is not validated with a Root Certificate Authority, which acts as the master authority if the cert is valid or not. Self-signed certs are widely used internally to companies. If you are trying to use a website with any personal information, it should be using a valid certificate.
How can I verify if I am safe? If you are getting a certificate warning for any major website, stop and contact them. A lot of thieves will create websites that look similar to places such as banks, insurance, etc, in an effort to steal your information. The way you can tell if you are using a valid and secure site is to check the address bar. Below you will see a red strike going through the https of the URL. This means the website is not using a valid certificate. If you see a green HTTPS, this means the certificate has been validated and being legitimate and safe to use.
Not safe:
Safe:
If you see green it’s safe to go, if you see red and not sure STOP and contact the website provider to verify.
Danny McLean