Many users, especially those using Chrome, will be seeing messages that sites they are accessing are not secure. What do you do? Do you go there or not? If it is your site that’s generating the message, what do you do?
So let’s go back to basics and, in simple non-technical speak, understand what this is all about. For years most of the traffic on the web has been in plain text. In other words, when you typed things like username, credit card details, passwords etc. into your browser, anyone capturing the packets of data sent out from your computer could read what you were writing. This sounds horrific, but in reality there are so many trillions of packets of information at any given time that the chances of the traffic you send, or the traffic to your website, being read were infinitesimally small. UNLESS the site you were sending traffic to, or your own site, was of particular interest or notoriety.
It wasn’t long before traffic from and to noteworthy sites was being regularly intercepted. Then some bright spark came up with a better wheeze: the “Man in the Middle Attack” (I thought I would hand-draw the illustration for this just to reinforce my attempt to make this as un-techie as possible):
Every computer on the internet has a unique address, and when you browse, your browser goes off to find the address of the website you want to look at (see my article here for more details on this).
Under some circumstances it is possible to spoof your browser into going to another address entirely, a rogue server, where there is an identical web page to the one you are expecting to see.
As you enter your details, the rogue server stores them, then forwards them and you on to the real server, so you are unaware anything untoward has happened.
So the SSL Security Certificate was invented. This enabled both problems to be dealt with in one go. First off it supplied a mechanism that coded/encrypted the data you were sending and receiving so data captured was just meaningless strings of characters. Secondly the certificate was tied to one particular address on the internet so your browser could instantly tell if there was a rogue server in the middle.
All this is very old hat; the first SSL certificate was issued around 1066! Note too that sites without a certificate use HTTP at the start of the address, and those with one use HTTPS.
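For readers who do want to see the techie side, here is the "is this certificate for the address I asked for?" check described above, sketched in Python. This is an added example, not part of the original article: the function names are hypothetical, the certificates are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and it assumes the certificate has already been verified as issued by a trusted authority.

```python
# Added illustration of the name check a browser performs on a certificate.
# Assumption: the trust chain has already been validated; only the
# "is it tied to this address?" step is shown here.

def _name_match(pattern: str, host: str) -> bool:
    """Match one DNS name from a certificate against the requested host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard is honoured only as the whole left-most label, and only
    # when at least two more labels follow (so "*.example" never matches).
    if p_labels[0] == "*":
        if len(p_labels) < 3:
            return False
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_matches_host(cert: dict, host: str) -> bool:
    """True if any DNS subjectAltName entry in the certificate covers host."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(_name_match(name, host) for name in names)


def check_connection(requested_host: str, presented_cert: dict) -> str:
    """The decision made once the server has presented its certificate."""
    if cert_matches_host(presented_cert, requested_host):
        return "proceed"
    return "warn: certificate is for a different site"


# Constructed sample certificates (not real sites).
REAL_CERT = {"subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example"))}
ROGUE_CERT = {"subjectAltName": (("DNS", "rogue.example"),)}

if __name__ == "__main__":
    print(check_connection("shop.example", REAL_CERT))   # genuine server
    print(check_connection("shop.example", ROGUE_CERT))  # rogue server in the middle
```

A rogue server cannot present the genuine site's certificate without also holding its private key, so the best it can offer is a certificate for some other name, which fails this check.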