Quickly Check A Website’s HTTPS Security


SSL_securityMost of you will be aware that whenever you visit a website or page where you need to input sensitive information, such as a banking site or the checkout on a shopping site, the address of the site/page should be prefixed with “https” rather than the insecure “http”. The added “s” on the end stands for “secure” and is your guarantee that the information you are providing is being encrypted, making it more difficult for a hacker to intercept your data.

The https security protocol is managed via a system of certification. In order to enable the use of encryption, the web site’s operator first needs to apply for an SSL Certificate, which is, in effect, a small text file installed on the server to verify their identity. These certificates are only granted once the web site operator has proved their identity to a trusted source (such as Symantec, Comodo, GeoTrust) and usually expire after a year or 2, requiring a fresh application.

Wikipedia briefly describes https thus:

HTTPS creates a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.

As you can see from the provisos included in the above quote, https security relies heavily on the correct server certification and strong encryption techniques. You may have read recently about SSL vulnerabilities because of sites with older, weaker encryption protocols, including names such as “Heartbleed” and “Freak”.

Here are links to two sites which will quickly check the security of any https sites you might be concerned about:

Symantec. SSL Toolbox

This online tool provided by security company Symantec will quickly verify that a site’s SSL certificate is current and valid, and will also provide additional information about any major vulnerabilities on the site.


Just copy and paste a https address into the associated dialogue box and then click the Check button:

Click image for full size

Click image for full size

 Qualys SSL Labs – SSL Server Test

This very similar online tool from Qualys Labs takes a little longer to complete the scan but also provides more detailed information. However, the summary is what will be of primary interest to most users:

Click image for full size

Click image for full size

Bottom Line

Https is, in general, a secure protocol. However, just because a site’s address is prefixed with https doesn’t necessarily mean you should trust it implicitly. If in any doubt, you can use one of the above online tools to make sure.

 

Posted in:
About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.

There are no comments

Your email address will not be published. Required fields are marked *