

Secure Server

When the end user submits information to a Web site, the data can go through many hops and various routes. During the transfer, the data can be intercepted by a hacker. A web server that requests confidential information from the end user should use encryption and the Secure Sockets Layer (SSL) protocol to safeguard the transaction. When the data are encrypted, they appear as meaningless scrambled symbols to a hacker. The encrypted data become meaningful again only after they are received by the server and decrypted with the server's private key, which is known to the server only.

How can you tell if a server is secure or not? --- You can tell by looking at the protocol name at the beginning of the URL. Instead of the regular http://, a secure site has a URL that starts with https://. In addition, most browsers display a padlock at the bottom right corner of the browser window. Double-click the padlock to view who issued the secure certificate, to whom it was issued, and when it expires.

Mismatch between a Site Certificate and the Site --- If the browser reports that the site certificate doesn't match the site and asks whether you wish to continue, you should usually abort. This can be due to an innocent server misconfiguration, or it can be evidence that a server certificate has been stolen and is being misused.

Server Certificate Expired --- If the browser reports that the server's certificate has expired, you should generally abort and try again later. This may be because the server administrator has not renewed the site's certificate in time, or it may indicate that the certificate has been stolen and is being misused.

Unrecognized Certificate Signing Authority --- Web browsers come with a preinstalled list of certifying authorities that they trust. A few years ago there was only one certifying authority, the VeriSign corporation, but now there are dozens. When a Web site presents your browser with a certificate signed by some authority, the browser will look up the authority in its predefined list. If the browser finds the authority, it will allow the SSL connection to continue. Otherwise it will report that it doesn't recognize the certifying authority.
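The three warnings above are the outcome of three checks a browser runs on the certificate a server presents. The following Python script is an added example written for this page, not code from the DSU Web Support Team; it reproduces those checks on certificates in the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns. The sample certificates, the clock value `NOW`, and the trust store (`Example Root CA` is a placeholder, not a real authority) are constructed for illustration. Unlike a real browser, the "unrecognized authority" check here only compares the issuer's name against the trust store; it does not verify the chain's signatures or revocation status.

```python
"""Reproduce the browser's three certificate checks: name mismatch, expiry,
and unrecognised signing authority.  Added example; sample data is constructed."""
import socket
import ssl

# Constructed trust store: issuer commonNames this "browser" recognises.
TRUSTED_ISSUERS = {"Example Root CA"}

# Fixed clock (constructed) so the results below are reproducible.
NOW = ssl.cert_time_to_seconds("Aug 10 12:00:00 2025 GMT")


def _rdn_value(name, key):
    """Pull one attribute (e.g. commonName) out of getpeercert()'s nested tuples."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None


def _dns_match(pattern, hostname):
    """Case-insensitive exact match; a leading '*.' covers exactly one label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # e.g. ".example.org"
        if not hostname.endswith(suffix):
            return False
        head = hostname[:-len(suffix)]            # the label the wildcard stands for
        return head != "" and "." not in head
    return pattern == hostname


def check_certificate(cert, hostname, now=None, trusted_issuers=TRUSTED_ISSUERS):
    """Return the warnings a browser would raise; an empty list means 'proceed'."""
    now = NOW if now is None else now
    warnings = []

    # 1. Does the certificate name the site we asked for?  Prefer subjectAltName
    #    and fall back to the subject commonName only when no SAN is present.
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        cn = _rdn_value(cert.get("subject", ()), "commonName")
        names = [cn] if cn else []
    if not any(_dns_match(n, hostname) for n in names):
        warnings.append("mismatch")

    # 2. Is 'now' inside the validity window?
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        warnings.append("expired")
    elif now < ssl.cert_time_to_seconds(cert["notBefore"]):
        warnings.append("not-yet-valid")

    # 3. Was it signed by an authority in the trust store?  (Name lookup only.)
    if _rdn_value(cert.get("issuer", ()), "commonName") not in trusted_issuers:
        warnings.append("unknown-ca")
    return warnings


def _sample(issuer_cn, not_before, not_after, *dns_names):
    """Build a constructed certificate dict in getpeercert() form."""
    return {
        "subject": ((("commonName", dns_names[0]),),),
        "issuer": ((("commonName", issuer_cn),),),
        "subjectAltName": tuple(("DNS", n) for n in dns_names),
        "notBefore": not_before,
        "notAfter": not_after,
    }


# Constructed samples covering the three situations described above.
GOOD_CERT = _sample("Example Root CA", "Jan 10 00:00:00 2025 GMT",
                    "Jan 10 00:00:00 2026 GMT", "www.example.org", "example.org")
EXPIRED_CERT = _sample("Example Root CA", "Jan 10 00:00:00 2023 GMT",
                       "Jan 10 00:00:00 2024 GMT", "www.example.org")
SELF_SIGNED_CERT = _sample("*.example.org", "Jan 10 00:00:00 2025 GMT",
                           "Jan 10 00:00:00 2026 GMT", "*.example.org")


def fetch_live_certificate(host, port=443, timeout=5):
    """For real use (not exercised here): let Python's default context perform
    the full chain, hostname and expiry validation, then return the peer cert."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for label, cert, host in [("good", GOOD_CERT, "www.example.org"),
                              ("wrong host", GOOD_CERT, "login.example.org"),
                              ("expired", EXPIRED_CERT, "www.example.org"),
                              ("self-signed", SELF_SIGNED_CERT, "shop.example.org"),
                              ("bad wildcard", SELF_SIGNED_CERT, "a.b.example.org")]:
        print(f"{label:12s} {host:18s} -> {check_certificate(cert, host) or 'OK'}")
```

Running the script prints one line per sample; `GOOD_CERT` for `www.example.org` passes cleanly, while the wildcard certificate is accepted for `shop.example.org` but rejected for `a.b.example.org`, because a wildcard covers only one label. `fetch_live_certificate` shows the production path: `ssl.create_default_context()` already applies all three checks against the system trust store and raises `ssl.SSLCertVerificationError` on failure, so hand-rolled checks like the ones above belong in tooling that inspects certificates, not in place of the library's validation.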



Authors: DSU Web Support Team. Page last updated on 08/01/2005