Posted on: April 26, 2011
Understanding Website Certificates
Posted by: Brett Bisbe
Fortunately for the amateur web-surfer, a good many reputable websites are interested in your protection as well (it makes them look bad if someone steals your credit card number from their site).
Part of that protection comes from website certificates. These certificates are required of any site that wishes to use an encrypted (secure) connection.
There are two simple ways to tell whether a site is secure:
• A closed padlock icon, either in the status bar at the bottom of your browser, or in the address bar at the top.
• The URL begins with “https” instead of “http.”
Don’t be fooled, though: clever phishers and attackers are not above inserting fake padlocks or even forging look-alike certificates. If you really need to verify the security of a site you are visiting, the certificates themselves can be checked.
– Second: Who is the certificate issued to? The name on the certificate should be the organization that owns the website (this is also information you can search for if something seems fishy).
– Third: What is the expiration date? If the expiration date on the certificate has passed, the certificate is no longer valid. Beware. Also, most certificates are only issued for one to two years. A certificate with an expiration date five years away just might be a fake.
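The "issued to" and expiration checks above can also be scripted. The following is an added example, not part of the original post; it assumes a certificate in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the sample certificates, the organization name and the two-year threshold are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Assumption: the post's "one to two years" turned into a threshold.
MAX_LIFETIME_DAYS = 2 * 366


def subject_field(cert, name):
    """Return the first subject value for `name` (e.g. organizationName), or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == name:
                return value
    return None


def review_certificate(cert, expected_org, now):
    """Apply the two checks above; return a list of warnings (empty = nothing odd)."""
    warnings = []
    org = subject_field(cert, "organizationName")
    if org is None:  # domain-validated certificates carry no organization name
        warnings.append("no organization named on the certificate")
    elif org.casefold() != expected_org.casefold():
        warnings.append(f"issued to {org!r}, expected {expected_org!r}")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now.timestamp() > not_after:
        warnings.append("certificate has expired")
    lifetime_days = (not_after - not_before) / 86400
    if lifetime_days > MAX_LIFETIME_DAYS:
        warnings.append(f"unusually long lifetime: {lifetime_days:.0f} days")
    return warnings


# Constructed sample certificates (hypothetical names, not real sites).
GOOD = {"subject": ((("organizationName", "Example Bank Inc"),),
                    (("commonName", "www.example.com"),)),
        "notBefore": "Jan 10 00:00:00 2011 GMT",
        "notAfter": "Jan 10 00:00:00 2012 GMT"}
ODD = {"subject": ((("organizationName", "Examp1e Bank Inc"),),
                   (("commonName", "www.example.com"),)),
       "notBefore": "Jan 10 00:00:00 2009 GMT",
       "notAfter": "Jan 10 00:00:00 2014 GMT"}
NOW = datetime(2011, 4, 26, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, cert in (("good", GOOD), ("odd", ODD)):
        print(label, review_certificate(cert, "Example Bank Inc", NOW))
```

The second sample trips both checks: the organization name is a look-alike (a digit `1` in place of the letter `l`) and the certificate runs for five years.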
This information will help you know which sites to trust, or at least how to check if a site is trustworthy. It’s never a bad idea to take a look at privacy policies, either.
As always, the best defense against online attackers is common sense. If a site doesn’t seem trustworthy, it probably isn’t.