HomeHome : Monthly Tips : Aug 2020

Verify Secure Websites

August 2020 — Tip of the Month

There are two simple ways to verify a website is secure:

  1. The web address starts with https://
  2. There is a lock icon in browser address bar.

Some modern browsers, like Google Chrome, hide the URL prefix. In this case, you have to look for the lock icon.

Secure Website URL in Address Bar

The lock icon indicates a site uses the secure HTTPS protocol instead of standard HTTP. HTTPS encrypts all traffic between your device and the web server via SSL. The encryption requires a secure certificate, installed on the web server. Certificates may be generated automatically or purchased from a third-party certificate authority.

If you want to view more information about a website's certificate, click the lock icon in the address bar and select "View Certificate." The screenshot below displays information about the PC.net SSL certificate.

PC.net Secure Certificate Details

The certificate is issued by Let's Encrypt for PC.net. It is valid, but it is not specific to a company or organization. This type of auto-generated certificate is fine for most websites since the primary goal is to provide secure access to the site. E-commerce and financial sites, however, should have a third-party-issued certificate that matches the company behind the website.

Viewing Certificate Details

If you're unsure about a website's authenticity, click the lock icon in the address bar to view the certificate details.

First, check the "Issuer" information.

If the certificate is issued by a known authority, such as Thawte or DigiCert, it means a third party has verified the company's information and website.

Second, check the "Organization" details.

If the organization name matches the company behind the website, you can be confident the site is legitimate.

The web browser will automatically authenticate the validity of the certificate authority and make sure the certificate has not expired.

- Per Christensson