Secure website certificate

Revision Information
  • Revision id: 53370
  • Created:
  • Creator: kwilson
  • Comment: Work in Progress
  • Reviewed: No
  • Ready for localization: No
Revision Content

Certificate and Certificate Hierarchy

When you visit a website whose web address starts with https, your browser attempts to create a secure (confidential, integrity-protected and authenticated) connection to the website. To authenticate the website (before any data is sent), the website presents a certificate so that Firefox can validate that the website is controlled by who it claims to be.

A certificate is a signed assertion by another party of an identity and other attributes related to this identity. This is similar to a driver's license or a passport. Additionally, this assertion must be signed by someone the browser trusts (a Certificate Authority) or by someone to whom a trusted Certificate Authority has delegated this authority.

An https website is only secure to the extent that the website is operated by someone in contact with the person who registered the domain name, and the communication between you and the website is encrypted to prevent eavesdropping. No other surety is implied.

When you visit a secure website, Firefox will validate the website’s certificate by checking that the certificate that signed it is valid, and checking that the certificate that signed the parent certificate is valid and so forth up to a root certificate that is known to be valid. This chain of certificates is called the Certificate Hierarchy.
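The hierarchy check described above, as an added sketch that is not Firefox's code: certificates are plain dictionaries using the field names listed under Certificate Contents, and signatures use textbook RSA over small known primes purely for illustration (real certificates are X.509 with full-size keys). All names, keys and dates are constructed, and the function names are hypothetical.

```python
import hashlib
from datetime import date

FIELDS = ("subject", "issuer", "valid_from", "valid_to", "is_ca", "public_key")

def keypair(p, q, e=65537):
    """Toy RSA from two primes: returns ((n, e), d). Illustration only, not real crypto."""
    n = p * q
    return (n, e), pow(e, -1, (p - 1) * (q - 1))

def digest(cert, n):
    """Hash every field except the signature, reduced into the signer's modulus."""
    tbs = "|".join(str(cert[f]) for f in FIELDS)
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue(subject, public_key, issuer, issuer_key, valid, is_ca):
    (n, _), d = issuer_key  # sign with the issuer's private exponent
    cert = dict(zip(FIELDS, (subject, issuer, valid[0], valid[1], is_ca, public_key)))
    cert["signature"] = pow(digest(cert, n), d, n)
    return cert

def validate_chain(chain, trust_store, today):
    """chain[0] is the website certificate; each later entry issued the one before it."""
    for cert in chain:
        if not cert["valid_from"] <= today <= cert["valid_to"]:
            return f"outside validity period: {cert['subject']}"
    for cert, parent in zip(chain, chain[1:]):
        n, e = parent["public_key"]
        if cert["issuer"] != parent["subject"] or not parent["is_ca"]:
            return f"not issued by a CA in the chain: {cert['subject']}"
        if pow(cert["signature"], e, n) != digest(cert, n):
            return f"bad signature: {cert['subject']}"
    root = chain[-1]  # the top of the hierarchy must already be trusted by the browser
    if trust_store.get(root["subject"]) != root["public_key"]:
        return f"untrusted root: {root['subject']}"
    return "ok"

# Constructed sample hierarchy (keys built from known Mersenne primes).
ROOT_KEY = keypair(2**89 - 1, 2**107 - 1)
INT_KEY = keypair(2**61 - 1, 2**127 - 1)
SITE_KEY = keypair(2**19 - 1, 2**31 - 1)
VALID = (date(2024, 1, 1), date(2026, 1, 1))
root = issue("Example Root CA", ROOT_KEY[0], "Example Root CA", ROOT_KEY, VALID, True)
inter = issue("Example Intermediate CA", INT_KEY[0], "Example Root CA", ROOT_KEY, VALID, True)
site = issue("www.example.com", SITE_KEY[0], "Example Intermediate CA", INT_KEY, VALID, False)
TRUST_STORE = {"Example Root CA": ROOT_KEY[0]}
CHAIN = [site, inter, root]

if __name__ == "__main__":
    print(validate_chain(CHAIN, TRUST_STORE, date(2025, 6, 1)))
```

Changing any signed field of a certificate, removing the intermediate, or emptying the trust store each makes `validate_chain` return a different failure reason instead of "ok".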

Certificate Contents

In Firefox you can view the following information about a Secure Website Certificate.

Serial Number: Uniquely identifies the certificate.

Subject: Identifies the certificate owner, such as the name of the organization owning the certificate.

Issuer: Identifies the entity that issued the certificate.

Subject Alt Name Extension: List of website addresses that the certificate can be used to identify.

Signature: Data that verifies that the certificate came from the Issuer.

Signature Algorithm: Algorithm used to create the Signature.

Valid-From: The date the certificate first asserts the identity.

Valid-To: The last date when the certificate can be considered valid.

Key-Usage and Extended Key Usage: Specifies how the certificate may be used, such as for confirming ownership of a website (Web Server Authentication).

Public Key: The public part of the data that comprises the public/private key pair. The public and private keys are mathematically linked, so the data encrypted with the public key can only be decrypted with the corresponding private key.

Public Key Algorithm: Algorithm used to create the Public Key.

Fingerprint: An abbreviated form of the Public Key.

Fingerprint Algorithm: Algorithm used to create the Fingerprint.

View a Certificate

When you have browsed to a website whose web address starts with https, there will be a lock icon at the beginning of the address bar. Single-click the lock icon to get a pop-up that says who verified the certificate, then click More Information.... In that window, click Security, then View Certificate.

Problematic Certificates

When you browse to a website whose web address starts with https, if there is a problem with the Secure Website Certificate, you will see the This Connection Is Untrusted alert page. Some common errors are described here.

To view the problematic certificate, follow these steps:

  1. On the warning page, click I Understand the Risks.
  2. Click Add Exception.... The Add Security Exception dialog will appear.
  3. Click View.... The Certificate Viewer dialog will appear.

Reporting Certificate Errors

After you encounter an Untrusted Connection error, you may see a popup window asking you to report the error to Mozilla. Sharing the address and site identification (the Secure Website Certificate) for the site that was untrusted will help us identify and block malicious sites to keep you better protected.