You might not think about it much when browsing the web every day, but website certificates are incredibly important. Your browser handles so much transactional information in the background to make sure that you’re browsing the web safely.
Sometimes, though, you might see a website certificate error letting you know that the website’s certificate belongs to another page.
If you see these all the time, you might have an issue with your system’s clock being off or you might have some malware that needs cleaning, but if you only see it sometimes, it’s worth examining to understand the error.
To view any website’s certificate in any browser (except Edge), click the green padlock icon when visiting a page using HTTPS. Choose Details > View Certificate on Chrome, click the arrow and choose More Information on Firefox, and choose View Certificates on IE. This allows you to view who the certificate was assigned to.
However, one certificate can be valid for more than one URL name. If you view YouTube’s certificate, it shows as issued to google.com. By digging into the Details tab in any browser and finding Subject Alternative Name, you can see other names that the certificate is valid for. So, Google’s cert is valid for youtube.com, gmail.com, and android.com, for example.
Using this information to your advantage, you can find out if an invalid certificate warning is coming from a legitimate website name change (maybe Hewlett-Packard changes their name to Hewlett-Jackson and the site changes from hp.com to hj.com), or if it’s a cert for some shady URL across the world.
For more security info, check out how Lenovo broke the trust of its users when it installed the secure browsing hijacker Superfish on its computers.
Have you ever diagnosed an invalid certificate? Let us know if you’ve played detective down in the comments!
Image Credit: ktsdesign via Shutterstock.com