Compare Revisions
Secure website certificate
Revision 135040:
Revision 135040 by AliceWyman on
Revision 178629:
Revision 178629 by AliceWyman on
Keywords:
Security Certificate PKI
Security Certificate PKI
Search results summary:
Websites can present Firefox with a certificate to identify themselves. Find out how Firefox checks the authenticity of the sites you visit.
Websites can present Firefox with a certificate to identify themselves. Find out how Firefox checks the authenticity of the sites you visit.
Content:
A Secure Website Certificate helps Firefox determine whether the site you are visiting is actually the site that it claims to be. This article explains how that works.
__TOC__
=Certificate and Certificate Hierarchy=
When you visit a website whose web address starts with '''https''', your communication with the site is encrypted to help ensure your privacy. Before starting the encrypted communication, the website will present Firefox with a certificate to identify itself.
An https web site is only secure to the extent that the web site is operated by someone in contact with the person who registered the domain name, and the communication between you and the website is encrypted to prevent eavesdropping. No other surety is implied.
When you visit a secure website, Firefox will validate the website’s certificate by checking that the certificate that signed it is valid, and checking that the certificate that signed the parent certificate is valid and so forth up to a [https://wiki.mozilla.org/CA:UserCertDB root certificate] that is known to be valid. This chain of certificates is called the Certificate Hierarchy.
=Certificate Contents=
Secure Website Certificates contain the following information.
'''Serial Number''': Uniquely identifies the certificate.
'''Subject''': Identifies the certificate owner, such as the name of the organization owning the certificate.
'''Issuer''': Identifies the entity that issued the certificate.
'''Subject Alt Name Extension''': List of website addresses that the certificate can be used to identify.
'''Signature''': Data that verifies that the certificate came from the Issuer.
'''Signature Algorithm''': Algorithm used to create the Signature.
'''Valid-From''': The date the certificate is first valid.
'''Valid-To''': The expiration date.
'''Key-Usage and Extended Key Usage''': Specifies how the certificate may be used, such as for confirming ownership of a website (Web Server Authentication).
'''Public Key''': The public part of the data that comprises the public/private key pair. The public and private keys are mathematically linked, so the data encrypted with the public key can only be decrypted with the corresponding private key.
'''Public Key Algorithm''': Algorithm used to create the Public Key.
'''Fingerprint''': An abbreviated form of the Public Key.
'''Fingerprint Algorithm''': Algorithm used to create the Fingerprint.
=View a Certificate=
When you have browsed to a website whose web address starts with https, there will be a lock icon at the begining of the address bar. Click on the [[Image:Site Info button]] icon and on the right arrow to get a pop-up that says who verified the certificate, then click on {button More Information}.
;[[Image:Security Certificate - More Info - 42]]
In that window, click on '''Security''', then {button View Certificate}.
=Problematic Certificates=
When you browse to a website whose web address starts with https and there is a problem with the Secure Website Certificate, you will see the [[What does "Your connection is not secure" mean?|Your connection is not secure]] alert page. Some common errors are described [[What does "Your connection is not secure" mean?#w_technical-information|here]].
To view the problematic certificate, follow these steps:
# On the warning page, click '''Advanced'''.
# Click {button Add Exception…}.
#;{for win}[[Image:Add Cert Exception 44]]{/for}
# When the Add Security Exception dialog appears, click {button View…}. The Certificate Viewer dialog will appear.
=Reporting Certificate Errors=
After you encounter an insecure connection error, you may see a popup window asking you to report the error to Mozilla. Sharing the address and site identification (the Secure Website Certificate) for the site that was untrusted will help us identify and block malicious sites to keep you better protected.
A Secure Website Certificate helps Firefox determine whether the site you are visiting is actually the site that it claims to be. This article explains how that works.
__TOC__
=Certificate and Certificate Hierarchy=
When you visit a website whose web address starts with '''https''', your communication with the site is encrypted to help ensure your privacy. Before starting the encrypted communication, the website will present Firefox with a certificate to identify itself.
An https web site is only secure to the extent that the web site is operated by someone in contact with the person who registered the domain name, and the communication between you and the website is encrypted to prevent eavesdropping. No other surety is implied.
When you visit a secure website, Firefox will validate the website’s certificate by checking that the certificate that signed it is valid, and checking that the certificate that signed the parent certificate is valid and so forth up to a [https://wiki.mozilla.org/CA:UserCertDB root certificate] that is known to be valid. This chain of certificates is called the Certificate Hierarchy.
=Certificate Contents=
Secure Website Certificates contain the following information.
'''Serial Number''': Uniquely identifies the certificate.
'''Subject''': Identifies the certificate owner, such as the name of the organization owning the certificate.
'''Issuer''': Identifies the entity that issued the certificate.
'''Subject Alt Name Extension''': List of website addresses that the certificate can be used to identify.
'''Signature''': Data that verifies that the certificate came from the Issuer.
'''Signature Algorithm''': Algorithm used to create the Signature.
'''Valid-From''': The date the certificate is first valid.
'''Valid-To''': The expiration date.
'''Key-Usage and Extended Key Usage''': Specifies how the certificate may be used, such as for confirming ownership of a website (Web Server Authentication).
'''Public Key''': The public part of the data that comprises the public/private key pair. The public and private keys are mathematically linked, so the data encrypted with the public key can only be decrypted with the corresponding private key.
'''Public Key Algorithm''': Algorithm used to create the Public Key.
'''Fingerprint''': An abbreviated form of the Public Key.
'''Fingerprint Algorithm''': Algorithm used to create the Fingerprint.
=View a Certificate=
When you have browsed to a website whose web address starts with https, there will be a lock icon at the begining of the address bar. Click on the [[Image:Site Info button]] icon and on the right arrow to get a pop-up that says who verified the certificate, then click on {button More Information}.
;[[Image:Security Certificate - More Info - 42]]
In that window, click on '''Security''', then {button View Certificate}.
=Problematic Certificates=
When you browse to a website whose web address starts with '''https''' and there is a problem with the Secure Website Certificate, you will see an error page. Some common certificate errors are described in [[What do the security warning codes mean?|this article]].
To view the problematic certificate, follow these steps:
{for not fx66}
# On the "Your connection is not secure" warning page, click '''Advanced'''.
# Click {button Add Exception…}
#;{for win}[[Image:Add Cert Exception 44]]{/for}
# When the Add Security Exception dialog appears, click {button View…}. The Certificate Viewer dialog will appear.
{/for}
{for fx66}
# On the "Warning: Potential Security Risk Ahead" page, click '''Advanced'''. (On other error pages, click '''More Information'''.)
#* Technical details about the error will be displayed.
#Beneath the Error code, click ''View Certificate''. The Certificate Viewer dialog will appear.
#;[[Image:Fx66ViewCertificate]]
{/for}
=Reporting Certificate Errors=
Certificate error pages include an option to report the error to Mozilla. Sharing the address and site identification (the Secure Website Certificate) for the site that was untrusted will help Mozilla identify and block malicious sites to keep you better protected.