SSL/TLS (HTTPS) is critical to user security and privacy on the Internet. Recent news about SSL/TLS certificates and surf jacking, such as “HTTPS: Surf jacking makes it vulnerable,” describes a weakness that could lead to major issues for Internet users.

Human intervention is required to validate the authenticity of certain types of certificates. This became obvious when Mozilla changed how its newest Web browser (Firefox 3) handles Web sites with expired or self-signed SSL/TLS certificates. If you visit a Web site with either an expired or a self-signed SSL/TLS certificate, Firefox 3 will not show that page at all. Instead, it will display an error message, similar to any other browser error (for example, a “page not found” 404 message). This was by far a good call on Mozilla’s part, as it forces e-commerce sites to update or renew expired certificates.

How does the error occur?

The error occurs because Mozilla has decided to take SSL/TLS Web page security to the next level, challenging any certificate that isn’t in the Web browser’s certificate database, has incorrect information, or is expired. This is a good thing; it will make Web browsing and online commerce a great deal safer. In order to understand why, let’s take a quick look at the SSL/TLS process.

SSL/TLS process:

SSL/TLS consists of two important and independent processes: authentication and data stream encryption. In today’s tough Internet environment, it’s vital to have strong encryption to protect the data packets as they travel to their destination. Thankfully, using an SSL/TLS VPN is secure and works properly.

Authentication relies on a digital certificate, a data file that contains information about the Web site’s certificate holder and is used to verify that the Web site is indeed what it claims to be. The Web server’s host name, the issue and expiry times, and the public key for the Web server are just a few of the details contained in a certificate.
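The conditions Firefox 3 challenges (expired, incorrect information, self-signed) can be checked against the certificate fields just listed. The Python below is an added example, not code from Mozilla or the original article; the certificate and host names are constructed, and comparing issuer to subject is an assumed stand-in for the browser's real lookup in its certificate database.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("commonName", "shop.example.com"),),),  # same as subject
    "notBefore": "Jan  1 00:00:00 2007 GMT",
    "notAfter": "Jan  1 00:00:00 2008 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.cdn.example.com")),
}

def _name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == host

def _utc(cert_time):
    """Convert a certificate time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def check_certificate(cert, host, now=None):
    """Return the list of problems a browser would challenge for this host."""
    now = now or datetime.now(timezone.utc)
    problems = []
    if now < _utc(cert["notBefore"]):
        problems.append("not yet valid")
    if now > _utc(cert["notAfter"]):
        problems.append("expired")
    # Host names come from subjectAltName; fall back to commonName if absent.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert["subject"] for k, v in rdn if k == "commonName"]
    if not any(_name_matches(n, host) for n in names):
        problems.append("host name mismatch")
    # Assumption: issuer == subject approximates "self-signed"; a browser
    # instead verifies the signature chain against its trusted CA store.
    if cert["issuer"] == cert["subject"]:
        problems.append("self-signed")
    return problems
```

An empty list means none of these checks failed; it does not prove the certificate chains to a trusted authority.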

That’s it in a nutshell!