Friday, 7 July 2017

Padlock in the address bar is a good thing, right? Not necessarily so...


Article 1 from The Register

Let's Encrypt plans to begin offering free wildcard certificates in January 2018, a move likely to make web security easier and a bit less costly for many organizations.

Announced in 2014 as an effort to enhance and accelerate online security, the public benefit certificate authority (CA) has been issuing free X.509 (TLS/SSL) certificates through an automated process that allows websites, given the technical requirements, to be accessed over encrypted HTTPS rather than the unprotected HTTP.

So every site (potentially including scammers and crooks) can have a digital certificate, and with it a padlock in the right-hand side of the address bar.

Article 2 from the Google Chrome Help Forum:

QUESTION: When browsing to a secure site, I used to be able to click to the left of the URL where it shows the padlock and Secure icon and click 'details' which would bring a popout from the right side of my browser to view the certificate details.

Today it no longer provides this option and only says I'm on a secure connection and the only option is to select 'Learn More' which brings me to a page explaining the differences between Secure, Not Secure, etc.

ANSWER: To review the website's security certificate details, use: top-right Chrome Menu/three vertical dots (⋮) > More tools > Developer tools > Security panel (keyboard shortcut Ctrl+Shift+I or F12)

Now this has been bugging me for ages! I'm a big Google Evangelist, and don't moan about them often, but I have to criticise Google for this. Hiding this functionality away from users really doesn't help.

If you are using Google Chrome on an HTTPS site and would like to check who the CA (certificate authority) is, press the F12 key on your keyboard and a "Security Overview" panel will appear in the right-hand side of your browser window.
Press the "View Certificate" button to see who the CA is; you can then make a more informed decision as to whether or not you TRUST the website.
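The same check can be done outside the browser. The Python script below is an added example, not part of the original post: it reads the certificate a site presents and reports who issued it, going slightly beyond the Chrome steps by also flagging certificates that vouch only for the domain name. The sample certificate, the hostnames and the "no organisation means domain-validated" heuristic are assumptions made for illustration.

```python
import socket
import ssl
import sys

def fetch_cert(host, port=443, timeout=5.0):
    """Open a verified TLS connection and return the peer certificate as a dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def flatten(name):
    """Convert getpeercert()'s nested name tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def summarize(cert):
    """Pull out the fields that matter when deciding whether to trust a site."""
    subject = flatten(cert.get("subject", ()))
    issuer = flatten(cert.get("issuer", ()))
    lifetime = (ssl.cert_time_to_seconds(cert["notAfter"])
                - ssl.cert_time_to_seconds(cert["notBefore"]))
    return {
        "site": subject.get("commonName"),
        "ca": issuer.get("organizationName") or issuer.get("commonName"),
        # Heuristic (assumption): no organisation in the subject means the CA
        # checked control of the domain only, not who operates the site.
        "domain_validated_only": "organizationName" not in subject,
        "valid_days": round(lifetime / 86400),
        "names": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
    }

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "Let's Encrypt Authority X3"),)),
    "notBefore": "Jul  7 00:00:00 2017 GMT",
    "notAfter": "Oct  5 00:00:00 2017 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
}

if __name__ == "__main__":
    # With a hostname argument this needs network access; without one it uses the sample.
    cert = fetch_cert(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CERT
    for field, value in summarize(cert).items():
        print(f"{field}: {value}")
```

Run it with a hostname as the only argument to inspect a live site, or with no argument to see the output for the constructed sample.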


UPDATE: Apparently this will be fixed (restored!) in Chrome v60. We are currently in v59, so coming soon folks! Stay safe out there!