Secure Website Certificate

Revision Information
  • Revision id: 52039
  • Created:
  • Creator: kwilson
  • Comment: Work in Progress
  • Reviewed: No
  • Ready for localization: No
Revision Source
Revision Content

Certificate and Certificate Hierarchy

A Secure Website Certificate helps Firefox determine whether the site you are visiting is actually the site that it claims to be. When you visit a website whose web address starts with https, your communication with the site is encrypted to help ensure your privacy. Before starting the encrypted communication, the website will present Firefox with a certificate to identify itself.

An https web site is only secure to the extent that the web site is operated by someone in contact with the person who registered the domain name, and the communication between you and the website is encrypted to prevent eaves dropping. No other surety is implied.

When you visit a secure website, Firefox will validate the website’s certificate by checking that the certificate that signed it is valid, and checking that the certificate that signed the parent certificate is valid and so forth up to a root certificate that is known to be valid. This chain of certificates is called the Certificate Hierarchy.

Certificate Contents

Secure Website Certificates contain the following information.

Serial Number: Uniquely identifies the certificate.

Subject: Identitifies the certificate owner, such as the name of the organization owning the certificate.

Issuer: Identifies the entity that issued the certificate.

Subject Alt Name Extension: List of website addresses that the certificate can be used to identify.

Signature: Data that verifies that the certificate came from the Issuer.

Signature Algorithm: Algorithm used to create the Signature.

Valid-From: The date the certificate is first valid.

Valid-To: The expiration date.

Key-Usage and Extended Key Usage: Specifies how the certificate may be used, such as for confirming ownership of a website (Web Server Authentication).

Public Key: The public part of the data that comprises the public/private key pair. The public and private keys are mathematically linked, so the data encrypted with the public key can only be decrypted with the corresponding private key.

Public Key Algorithm: Algorithm used to create the Public Key.

Fingerprint: An abbreviated form of the Public Key.

Fingerprint Algorithm: Algorithm used to create the Fingerprint.

View a Certificate

How to view the certificate

Problematic Certificates

Typical certificate related problems that cause the Untrusted Connection error

Reporting Certificate Errors

Why Mozilla may ask the user to report the Untrusted Connection error