By Leo Notenboom
Sometimes when I’m on a secure website (https in the URL), I notice that the https has a slash through it, seemingly meaning the site is NOT secure. Is this true? And if so, why is it happening?
Https, for secure http, is used instead of http to do two things: confirm the identity of the site you’re connecting to and keep your communications with that site secure by encrypting it all.
If something is wrong, the browser will often display a warning, but in some cases, it will do nothing more than turn the https indicator red or put a line through it.
Unfortunately, “something is wrong” can mean many things, ranging from a serious security issue to a benign oversight by the website’s owner.
Your browse should warn you
In most cases when you first connect to a website that has an https problem, your browser should warn you. In the case above, there are two problems that Internet Explorer is telling me about the site I’m visiting:
1. The security certificate presented by this website was not issued by a trusted certificate authority. Https uses trusted authorities validated by the so-called “root certificates” to issue encrypted credentials (a certificate) to websites to validate their identity. In this case, while a certificate is in place, it has not been issued by a trusted authority and thus, it could have been created by anyone.
Bottom line: This site may say it is the site you’re going to, but it’s very possible that it’s lying.
This post is excerpted with permission from Leo Notenboom.