If an organisation wants to have a secure website that uses encryption, it needs to obtain a site, or host, certificate.
There are two elements that indicate that a site uses encryption:
By making sure a website encrypts your information and has a valid certificate, you can help protect yourself against attackers who create malicious sites to gather your information. You want to make sure you know where your information is going before you submit anything.
If a website has a valid certificate, it means that a certificate authority has taken steps to verify that the web address actually belongs to that organisation. When you type a URL or follow a link to a secure website, your browser will check the certificate for the following characteristics:
The level of trust you put in a certificate is connected to how much you trust the organisation and the certificate authority. If the web address matches the address on the certificate, the certificate is signed by a trusted certificate authority, and the date is valid, you can be more confident that the site you want to visit is actually the site that you are visiting. However, unless you personally verify that certificate’s unique fingerprint by calling the organization directly, there is no way to be absolutely sure.
When you trust a certificate, you are essentially trusting the certificate authority to verify the organisation’s identity for you. However, it is important to realise that certificate authorities vary in how strict they are about validating all of the information in the requests and about making sure that their data is secure. By default, your browser contains a list of more than 100 trusted certificate authorities. That means that, by extension, you are trusting all of those certificate authorities to properly verify and validate the information. Before submitting any personal information, you may want to look at the certificate.
There are two ways to verify a web site’s certificate in your web browser. One option is to click on the padlock icon. However, your browser settings may not be configured to display the status bar that contains the icon. Also, attackers may be able to create malicious websites that fake a padlock icon and display a false dialog window if you click that icon. A more secure way to find information about the certificate is to look for the certificate feature in the menu options. This information may be under the file properties or the security option within the page information. You will get a dialog box with information about the certificate, including: