
What are Security Certificates?


Posted on: April 26th, 2010

Once in a while, when you are browsing various websites, you might get a message that says something about a Security Certificate. I wrote a little bit about this in another article in relation to the computer’s time being incorrect. But here I’d like to explain what the certificates are and what purpose they serve.

In order to understand what a security certificate is for, I need to explain a little bit about website traffic. There are two basic types of connection that websites use: insecure and secure. Insecure is the most common, simply because most of the time you are not accessing anything confidential or sensitive. Insecure means that the traffic between your computer and the web server is not encrypted in any way: anyone who can listen in and capture the traffic (on the same Wi-Fi network, at the ISP, anywhere along the path) can read exactly what went on, and your browser has no way of confirming that the server it reached is the genuine one. Insecure website addresses start with ‘http://’.

The secure connection is used when sensitive information is being transmitted, for example passwords, social security numbers, etc. With a secure connection the traffic is encrypted in such a way that only the two parties (your computer and the web server) can read each other’s messages. Encryption alone is not enough, though: a private conversation with an impostor is worth nothing. So before any sensitive information is passed to a secure web server, the server is required to identify itself, and that is what the certificate is for. You should always check before entering credit card numbers, passwords, or other sensitive information that the secure website address starts with https://, and treat a certificate warning on such a page as a reason not to proceed.

A Security Certificate is the ID that a website has: a small signed document that ties the site’s name to the public key the site will use to set up the encrypted connection. It is issued and signed by a certificate authority (the “issuing company”), and your browser and operating system ship with a list of authorities they trust. Here’s the basic procedure on how the ID is verified by your browser:

1, The browser initiates contact with the secure website.
2, The website sends back its digital certificate. This certificate includes the site’s name, its public key, a reference to who issued it, between what dates it’s valid, and the issuer’s digital signature over all of that.
2a, If the current date is outside of the validity range of the certificate, the browser will issue a warning to the user about the certificate being not valid.
3, The browser checks the issuer’s signature against its own list of trusted authorities. This is done locally; the certificate is not sent anywhere for verification, although the browser may separately ask the issuer whether the certificate has since been revoked.
3a, If the signature does not check out, or the issuer is not one the browser trusts (for example a certificate the site owner signed himself), the browser will issue a warning to the user about the certificate being not valid.
3b, The browser also checks that the name in the certificate matches the address you typed. A perfectly valid certificate for a different site earns the same kind of warning.
4, The browser uses the public key in the certificate to agree on a fresh session key with the server, and the rest of the traffic is encrypted with that key.

There are a couple of reasons why you’d get a warning about a website’s certificate:

1, The computer’s time and date is way off, so the certificate looks expired or not yet valid.
2, The website’s certificate was not issued by an authority the browser trusts: typically the owner signed it himself rather than buying one from a third party, or simply let it expire.
3, There’s something wrong with the browser’s or operating system’s list of trusted authorities that’s being used for verifying certificates.
4, You have been connected to a different server than the one you asked for (a hijacked DNS entry, or someone sitting in the middle of the connection, probably hackers), and that server is presenting a certificate that does not check out.

The order here matches the usual probabilities.

So #1 is most likely. Just check the date and time; a dead clock battery can set a computer back by years.

#2 happens with small websites or internal company websites. I’d recommend checking out the legitimacy of the website from trusted sources (for example: www.siteadvisor.com). Bear in mind that the browser cannot tell #2 apart from #4: in both cases the certificate was signed by someone it does not trust. A warning on a site that never showed one before should be treated as #4, not #2.

#3 causes most or all websites to show “invalid” certificates at once. If you are getting a lot of these messages and the date and time is correct, then the list of trusted authorities is likely missing, out of date or corrupted. Updating the browser and running the operating system’s updates normally refreshes that list; a reinstall of Windows is the last resort, not the first.

#4 is the rarest, but it is also the case the whole mechanism exists to catch: the warning is the safeguard, and an attacker on a shared network or with control of DNS does not need much expertise to trigger it. Never click through a warning to enter a password or card number, and if a site you use regularly suddenly shows one, try again from a different network before trusting it.
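Steps 1 to 4 above and the four warning causes, as an added example that is not part of the original post: a Go program that builds a small certificate hierarchy in memory with the standard crypto/x509 package (a hypothetical “Example Root CA”, a site certificate for www.example.com, and an impostor certificate for the same name signed by an untrusted “Rogue CA”; every name and date in it is constructed for this example) and then runs the browser’s three checks, date, issuer and name, against it. The clock is pinned to the date of this post so the verdicts are repeatable, and the trust store is just the list of roots passed in, which is the point: verification happens locally against that list, not by contacting the issuer.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Now is pinned to the date of this post so every run gives the same verdicts;
// serial numbers the certificates this example creates.
var (
	Now    = time.Date(2010, time.April, 26, 12, 0, 0, 0, time.UTC)
	serial int64
)

// newCert issues a 90-day certificate for name, signed by parent; parent == nil
// makes a self-signed root CA instead (the post's "issuing company"). Setup
// errors panic: this is fixture code, not the check the post describes.
func newCert(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    Now.Add(-time.Hour),
		NotAfter:     Now.AddDate(0, 0, 90),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if parent == nil { // root: long-lived, allowed to sign, signs itself
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		tmpl.NotAfter = Now.AddDate(10, 0, 0)
		parent, parentKey = tmpl, key
	} else { // site certificate: names the host it is valid for
		tmpl.DNSNames = []string{name}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// CheckCert does what the browser does in steps 2a to 3b: validity dates, a signature
// chain ending in its own trust store, and a name match. Nothing is sent to the issuer;
// trustStore stands in for the roots shipped with the browser.
// Verdicts: "ok", "wrong date", "untrusted issuer", "wrong site", "rejected".
func CheckCert(site *x509.Certificate, trustStore []*x509.Certificate, hostname string, clock time.Time) string {
	roots := x509.NewCertPool()
	for _, c := range trustStore {
		roots.AddCert(c)
	}
	_, err := site.Verify(x509.VerifyOptions{DNSName: hostname, Roots: roots, CurrentTime: clock})
	switch e := err.(type) {
	case nil:
		return "ok"
	case x509.CertificateInvalidError:
		if e.Reason == x509.Expired { // clock is before NotBefore or after NotAfter
			return "wrong date"
		}
	case x509.UnknownAuthorityError: // chain does not end at a trusted root
		return "untrusted issuer"
	case x509.HostnameError: // certificate names a different site
		return "wrong site"
	}
	return "rejected"
}

// Scenarios reproduces the happy path and the four warning causes from the post.
// "Example Root CA", "Rogue CA" and the host names are constructed for this example.
func Scenarios() map[string]string {
	ca, caKey := newCert("Example Root CA", nil, nil)
	site, _ := newCert("www.example.com", ca, caKey)
	rogueCA, rogueKey := newCert("Rogue CA", nil, nil) // an issuer no browser trusts
	impostor, _ := newCert("www.example.com", rogueCA, rogueKey)
	trusted := []*x509.Certificate{ca}
	return map[string]string{
		"valid":                     CheckCert(site, trusted, "www.example.com", Now),
		"clock set back a year":     CheckCert(site, trusted, "www.example.com", Now.AddDate(-1, 0, 0)),
		"issuer not in trust store": CheckCert(site, nil, "www.example.com", Now),
		"wrong server":              CheckCert(site, trusted, "login.example.com", Now),
		"impostor for same name":    CheckCert(impostor, trusted, "www.example.com", Now),
	}
}

func main() { fmt.Println(Scenarios()) }
```

Run it with go run; it prints each scenario with its verdict. Note that the “impostor for same name” case and the “issuer not in trust store” case produce the same verdict, which is exactly why reason #2 and reason #4 in the list above cannot be told apart from the warning alone.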
