If you have you visited a HTTPS site and got an error message which you do not understand, then this article is for you. Here I cover the common errors encountered while browsing HTTPS sites.
As discussed earlier, when the HTTPS connection is being established, the browser recieves the certificate from the server. Following cases are possible
- The certificate is expired.
Check the system’s date, the most common cause being misconfigured date.
If your system’s date is correct, then this is a serious issue. Visiting a site with expired certificate is like eating an expired packets of chips.(it might be good but not for sure)
- The certificate is for another domain
Check the actual domain for which the certificate is issued.
Common cause is the certificate is for www.xyz.com and user is navigating xyz.com. Otherwise, if the certificate is for abc.com and is being used for xyz.com, then either xyz.com is affiliated to abc.com and this is just a wrong(or economic?) decision on the part of company. If that is not the case, then leave the website immidiately.
- The certificate is not verified by a trusted CA
The certificate is issued/signed by an authority which your browser does not trusts.
Equivalent to saying, you are meeting someone who has a degree from university not recognized by government.(for example, my institute uses HTTPS for its mail site webmail.iitk.ac.in but is not a signed by one of the authorities which popular browsers trust)
Remedy is to visit the web site of certificate signer (that must be HTTPS) and confirm that the certificate is issued by it and if you trust the signee enough go ahead and add the certificate to the browser repository. It should be noted that youur decision to trust the website is based on the mutual trust.
- Page contains non-HTTPS components
This happens when the web developer includes non-HTTPS things(sepcially images and CSS) in the code usually, for optimization purposes. It is usually safe to go ahead unless its a banking site [it better to be on safe side]. The issue being the some parts of the page which are delivered using plain HTTP can actually be tapped (and modified as well).
- No warning
Good, go ahead, you are safe.[really?]
Have you got any HTTPS warning/error messages? do post them in comments.