Digital certificates are electronic records used to establish the legitimacy of a website. These certificates are issued by a trusted third party known as a Certificate Authority (CA). A certificate contains details such as the certificate holder's common name, a copy of its public key, validity dates, a serial number, and the digital signature of the CA so that a recipient can verify that the certificate is authentic.
Websites with a valid certificate installed are considered more secure as the communication between such websites and the browser is encrypted. This encryption occurs due to the implementation of Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols. These protocols use the certificate to provide privacy (encryption) and integrity (validation) as a layer of protection.
A website without a certificate or using a revoked certificate will still be accessible to the users. It is a good practice to check if the website you are accessing is secured with a valid certificate to ensure that your sensitive online transactions are protected. To do this, users can look out for (i) the Uniform Resource Locator (URL) to check that it is prefixed with the Hypertext Transfer Protocol Secure (https://), (ii) the presence of a lock icon in the URL bar and (iii) the website’s certificate validity which is accessible by clicking on the lock icon.
Users are advised to check the validity of a website's certificate before providing any important personal data or performing any sensitive transaction
including financial-related ones on the website.
For website administrators:
To ensure the security of a website, website administrators are advised to obtain a security certificate from any of the trusted CAs and to install the certificate on the web server. In the event that the certificate becomes invalid, website administrators should obtain and install a new certificate.
For a list of CAs, please visit https://cabforum.org/members/.