Tip #4307 - Web Site Certificates
Printer Friendly Version | E-Mail This Tip
Q:
Can you please go over what Web site certificates are? I'm having
a little trouble understanding their purpose. Thanks for all your
help!
A:
Wow, you guys come up with some really great
questions! I have to tell you, the Q&A section of the newsletter
is my favorite, because often times, the questions that are asked
are ones that can help everyone. They're not just about one person's
computer or about one specific problem someone is having. No, you
all ask questions about very broad topics and that's perfect for this
part of WorldStart's newsletter. We want to help as many people as
we can and I truly believe we're doing that by answering the questions
you ask. And today's topic is no exception. You
asked about Web site certificates and that's exactly what you're going
to learn all about today!
First
of all, if a certain company or organization wants their Web site
to use encryption and be secure, they must obtain a site (or host)
certificate. If they don't, they will not be registered as a secure
Web site. So, how do you tell if a site is secure or not? Well, we've
gone over this before, but let's cover it one more time, just to be
sure we're all on the same page. There are two things you can check
on to find out if a site is secure or not. The first is a little yellow
padlock in the bottom right corner of your Web browser. The padlock
should be closed (locked) as well. The second is how the Web site's
URL reads. On a secure site, the very beginning part will always be
"https," rather than just "http." That extra "s"
makes all the difference when it comes to security.
So,
if you're visiting a site and you see either of those things, the
site will have a certificate. You can view the certificate by double
clicking the yellow padlock. Once you do that, a certificate dialogue
box will pop up and you can read all about it. It will tell you the
purpose of the certificate, who it's issued to, who it was issued
by and when it expires. (If the site you're on just uses the "https"
method, just double click in the area where the padlock usually sits.
Doing that will bring up the same certificate box for you). For example,
when you purchase something from WorldStart's software store, the
checkout page is secure. If you double click the padlock on that page,
you will be able to see our certificate.
Another way you
can view a site's certificate is through your browser's menu options.
In Internet Explorer, go to File,
Properties and then click on the Certificates
button. The same dialogue box will then come up for you. In Firefox,
go to Tools, Page Info and then
click on the Security tab. You can then click on
the View button to see that site's certificate. That
may be an easier way for you to access the certificate information.
Site certificates
are mainly put in place to protect users from malicious attacks and
identity theft. For instance, if we here at WorldStart didn't have
a certificate on our checkout page, hackers could get in and steal
your credit card number and any other information they wanted from
you. That goes for any Web site that sells products or asks you for
any personal information. It's very important to check the sites you
visit to see if they're secure or not. If you don't, you could be
putting yourself at risk for big trouble. All you have to do is glance
toward the top or bottom of your browser to make sure it's protected.
I mean, what's a few seconds when it comes to your safety?!
If a Web site
has a certificate, that means they have registered their site and
everything has been approved. There are two things that have to be
done before a site is approved. The certificate authority has to make
sure the Web address given matches the address on the certificate
and they have to sign the certificate so that it can be recognized
as a trusted authority. You can look for both of those things when
you look at a site's certificate as well. So, I'm sure you're probably
wondering how much you can really trust a site's certificate, right?
Well, the trust you have for a site really depends on how much trust
you have for the company you're dealing with, but if all the information
matches up and the date on the certificate is valid, everything should
be just fine. The only other way to be sure is to call the company
yourself and check on their site regulations. It's your call!
Now, there may
be times when you run into a certificate error. That could be caused
by various things, such as the names on the certificates not matching
up or if the certificate has expired. If an error occurs, you will
always have the opportunity to look over the certificate and you can
then either accept it for good, accept it for that particular visit
only or you can choose not to accept it at all. From there, you can
choose whether or not to trust the site. If you do, you can go about
your business, but if you don't, you should refrain from submitting
any personal information. Along with checking on a site's certificate,
you should also read their Privacy Policy. Keeping yourself safe is
the most important thing and you should do whatever it takes to stay
that way.
So, now that you
know all about Web site certificates, you may want to go and check
on some of your favorite sites. Are they secure? Check it out!
~ Erin
Want To Comment On This Tip? Click Here! We'd love to hear from you :-)
Like These Tips? Get 'Em Free In Your E-mail
