What is a Security Certificate?
I'll bet one time or another you've surfed the web and suddenly found a pop-up
window in front of you, demanding your approval for a security certificate. I
occasionally see these on shopping sites, usually the smaller, less-well-funded companies.
The first time I saw one of these windows I had no idea what to do. What the heck
is a security certificate? And whatever it is, why is the browser asking me about it?
I mean, I had enough questions about ActiveX controls, now I was being asked about
Let's look at security certificates from the perspective of dating. Let's say you
are a woman looking for a date. How do you know you can trust a person? Well, you can
just decide for yourself or you can ask a trusted friend about the potential date.
So you call up "Sally" and ask "can I trust Bill on a date?" Sally will tell you
yes or no, and since you trust her if she says "no" the poor guy will not be going out
with you. That's the way a security certificate works. The certificate is an
electronic document which is highly secure (encrypted) and stamped with an identifier.
That identifier says the web site with the certificate is whom it claims to be.
The way it works is straightforward. Let's say I want to sell something on my web
site. I might purchase a security certificate from Verisign (or any number of other
companies) to prove to people visiting my web site that I am who I say I am.
Before it grants the certificate, I will need to provide Verisign with proof that
I am indeed the person (or company) that I claim to be. Verisign will ask me for
documents, notarized, such as a birth certificate (for a personal certificate) or
other documents from businesses. Several documents must be presented in order for
Verisign to grant the certificate.
Okay, now you also have to understand that your browser automatically comes with
a number of security certificates, including one from Verisign. Thus, when you visit
my secure site my certificate is retrieved. The browser sees that my certificate was
granted by Verisign, and checks it's own certificates and finds Verisign. The browser
then grants access to the secure web page, since it has "proof" that I am who I say I
am. This means that a secure channel is now set up so the browser can talk to the web
site (and vice versa) without fear of someone listening in on the conversation.
So in other words, Verisign is simply a trusted organization which verifies that
people (and companies) are who they say they are.
Remember the purpose of security certificates is merely to provide a means whereby
you can trust entities (companies and people) on the internet. A security certificate
does not in any way imply a web site is "good", will protect your privacy or will
deliver your products.
Let me stress that again - security certificates so not imply anything about a web
site except that it is what it says it is. They DO NOT mean the site is trustworthy or valuable.
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at [internet-tips.net redirected].
More General Web Design:
• White Space in Web Design
• Five Ways to Enhance Your Website User Experience
• Policies Your Web site Must Have
• Ten Tips for Choosing a Good Domain Name
• Top Five Design Tips
• "About Us" Pages in Small Business Websites
• What is a security certificate?
• Six Tips For Writing User Interface Instructions
• A Random Walk Down Web Street - Litter Revolution
• Tips and Tricks to Optimize a Website's Speed