Why does a website need security certificate?
Attackers often create malicious sites to gather your information. You should always be cautious while entering your information on any website. Security can be ensured by checking that the website content is in encrypted form. Two elements that indicate a site uses encryption are:
- a closed padlock, located in the status bar at the bottom of your browser window or at the top of the browser window between the address and search fields
- a URL that begins with “https:” rather than “http:”
Can you trust a certificate?
Having or not having a certificate is a secondary thought. When you open a URL your browser checks the following:
- the web site address matches the address on the certificate
- the certificate is signed by a certificate authority that the browser recognizes as a “trusted” authority
If the web address matches the address on the certificate, the certificate is signed by a trusted certificate authority, and the date is valid, you can be more confident that the site is genuine. However you can only be absolutely sure when you personally verify that certificate’s unique fingerprint by calling the organization directly. The question that arise before that is how trustworthy is this certificate. By default, your browser contains a list of more than 100 trusted certificate authorities.
How do you check a certificate?
The information of a website certificate can be checked in the menu under the file properties or the security option within page information. Following details would be included under the information:
- who issued the certificate – You should make sure that the issuer is a legitimate, trusted certificate authority (you may see names like VeriSign, thawte, or Entrust). Some organizations also have their own certificate authorities that they use to issue certificates to internal sites such as intranets.
- who the certificate is issued to – The certificate should be issued to the organization who owns the web site. Do not trust the certificate if the name on the certificate does not match the name of the organization or person you expect.
- expiration date – Most certificates are issued for one or two years. One exception is the certificate for the certificate authority itself, which, because of the amount of involvement necessary to distribute the information to all of the organizations who hold its certificates, may be ten years. Be wary of organizations with certificates that are valid for longer than two years or with certificates that have expired.