• Understanding Website Certificates

    Read Time (bolded): 3 Minutes

    Read Time (Comprehensive): 5 Minutes

    The Internet can be a dangerous place. We’re constantly reminded to update our antivirus software, to maintain the firewall, to protect our identities at all costs.

    Fortunately for the amateur web-surfer, a good deal of reputable websites are interested in your protection as well (it makes them look bad if someone steals your credit card number from their site).

    This is done partly by website certificates. These certificates are required of any site that wishes to use an encrypted (secure) connection.

    There are two simple ways to identify if a site is secure or not:

    •      A closed padlock icon, either in the status bar at the bottom of your browser, or in the address bar at the top.

    •      The URL begins with “https” instead of “http.”

    Don’t be fooled though, clever phishers and attackers are not beyond inserting fake padlocks, even forging look-alike certificates. If you really need to verify the security of a site you are visiting, the certificates themselves can be checked.

    By clicking on the padlock in browsers like Chrome, Internet Explorer, and Firefox, you can take a look at the certificate details. To verify the certificate’s authenticity, look at this information:

    – First: Who issued the certificate? The issuer should be a certificate authority like VeriSign or Entrust (you can always search the name of the issuer if you’re at all unsure).

    – Second: Who is the certificate issued to? The name on the certificate should be the organization that owns website (this is also information you can search for if something seems fishy).

    – Third: What is the expiration date? If the expiration date on the certificate is passed, the certificate is no longer valid. Beware. Also, most certificates are only issued for one to two years. A certificate with an expiration date five years away just might be a fake.

    This information will help you know which sites to trust, or at least how to check if a site is trustworthy. It’s never a bad idea to take a look at privacy policies, either.

    As always, the best defense against online attackers is common sense. If a site doesn’t seem trustworthy, it probably isn’t.

We help manage your business, so you can focus on the things that are important.

Get in Touch With Us Today ›