Have you ever done shopping online? Do you do banking transactions through the Internet? Do you use popular services like Gmail, Facebook, PayPal, etc.? If so, you may have heard about SSL/TLS. SSL stands for Secure Sockets Layer and TLS is Transport Layer Security. These are encryption protocols that provide high quality security to sites that provide important services. TLS is simply the upgraded version of SSL, and there is no other difference between them.
Almost all secure websites out there use SSL encryption protocol, and the details of the protocol can be identified by your browser itself.
Let’s see how you can verify if a site uses proper SSL certificate and is hence adjudged secure.
The first step of identifying the website’s authority is done by the web browser itself. Most of the current browsers analyze the SSL/TLS details of a website before directing you to it. To get an idea, just visit your bank’s website. Most probably your bank will identify itself as a secure website. In certain cases, the secure connection is given when you are about to log into your online banking account.
The first step of identifying an SSL-enabled website is from its URL. The URL most probably will have Hypertext Transfer Protocol Secure (HTTPS) on it. As in https://www.facebook.com, the secure version of Facebook. When you go to this page, Facebook will automatically ask you if you want to enable SSL for future Facebook interactions. You can say yes.
If the website proclaims it is secure and doesn’t give ‘https’ in its URL, then you should be suspicious.
SSL on Browsers
All browsers out there can identify SSL and the data given by it. Digital certificates created by SSL providers for various websites can be verified on your browser. In Google Chrome, you will see a green ‘https’ lock icon on the address bar or the company name itself in green to identify valid SSL. If you click on it, you will see what kind of a digital certificate the website uses.
Also, Chrome has a number of warning messages and icons that can identify what a message actually means. For instance, https with an ‘x’ mark and a red strikethrough signifies high risk insecure content or problems with SSL certificate.
In the same way, a tiny yellow triangle above the lock icon indicates a certain amount of insecure content on the page.
In Firefox, the SSL is given in the same way on the address bar. The company name is given in green color.
In Internet Explorer, the entire address bar becomes light green in color when it identifies a secure connection.
When there is an error with the SSL certificate of a website, the browser provides you with an error message. For instance, go to the website “tv.eurosport.com” and you will be able to visit the page without any issues. Just add ‘https://’ to it (https://tv.eurosport.com), and your browser will display warning message.
Fetching SSL Details
There are different versions of SSL. Each upgraded version has added better security and protection against a prevalent threat. When you check the SSL digital certificate of a website, you will be able to get important information about the website, such as the name of the organization and its address.
To see the details of a digital certificate, on Chrome, simply click on ‘Certificate Information’ available under the connection tab that opens when you click on the green lock icon identifying the site.
In Firefox, click on ‘More Information’ and then ‘View Certificate’. And on IE, simply click on the lock icon and then ‘View Certificates’.
Once you get the digital certificate interface, you will find the details tab that lists some very important details. Here, you can find the validity and expiry date of the certificate, the entity to which it was issued, and the name of the issuer.
Besides your browser, you can use some online services that provide the details of a website’s SSL. Here are some of them:
SSL/TLS have evolved in different versions. It is good to know which version of the protocol your bank is using. To spot differences, read this technical PDF. Always go with proper security on online transactions. You should know how to identify dangerous websites. If you ever suspect a website of doing Phishing or spamming, immediately report it.