eli5 Why does the “site can’t provide a secure connection” error exist?


title


10 Answers

Anonymous 0 Comments

When you go to a website that claims that the connection to it is secure, but it cannot provide a valid proof that this is the case, you will get such an error. Websites literally get a certificate of security, and this certificate has to be valid and for the correct URL. If this certificate exists, your browser usually shows a little green padlock icon to the left of the URL in the top of the browser, or something similar.

In most cases when you get that error, it’s because the certificate the site once had has expired and needs to be renewed – until then, it’s not valid. In other cases, maybe the website changed its name and the certificate no longer matches. Or it could be the wrong certificate. Or in other cases, it’s an evil website that pretends like it’s secure and it has a certificate, but actually it doesn’t 🙂


Anonymous 0 Comments

Typically when the web address begins with HTTPS (which is supposed to denote a secure connection) but the website doesn’t have a valid SSL certificate you will see this error. It is meant to warn the user the site may not be implementing the secure socket layer or transport layer security protocol that their web address indicates. In other words the browser cannot authenticate the website’s security protocol.


Anonymous 0 Comments

Your web browser and underlying operating system have well-crafted and standardised techniques to ensure that the website you’re trying to visit passes some basic standards to ensure that:

a) The site is actually the site you intend to visit, and
b) a high level of privacy and integrity is maintained in your communications with that site.

This is your web browser protecting you from basic pitfalls like a good boy.
(Do not use that small option to bypass the warning.)


Anonymous 0 Comments

When the web was first developed there wasn’t much thought given to safety and security.

The way the system works is that you have a name like reddit.com and ask around where you can find the webserver that operates under that name and then go there and ask it for a website.

The “ask around” part is done via DNS, a system that translates names into IP addresses.

The trouble is there is no guarantee that those addresses really belong to the owner of the domain. Somebody between you and there could fake stuff and pretend to be the website.

They could pretend to be reddit or facebook or your bank and show you fake content or trick you into entering your username and password.

Also, all communication with those sites is in clear text, which means anyone along the way can read everything.

It is like writing confidential information on a postcard and trusting that the letter carrier and everyone who handles the postcard at the post office won’t read it.

This is good enough for “Wish you were here” or “happy birthday” type of messages but not for anything that you want to keep secret.

This is where HTTPS comes in.

It involves a certificate that guarantees that the one operating the web-server is allowed to do so by the owner of the domain. It also encrypts all your communication with the site so that anyone between you and it doesn’t know what content you exchanged.

This is why you should only ever enter any data like usernames and passwords when you communicate over https.

One issue you might already have noticed is the certificate: who guarantees that it isn’t fake? The answer involves a lot of complicated math and chains of trust.

You trust the certificate because it was issued by someone you trust and you trust them because they have a certificate that was issued by someone else you trust. There is a chain that goes several links up to a small number of organizations whose main business is being trustworthy.

Since there is a lot of money to be made by trying to break into this chain of trust, a lot of work has to go into maintaining it.

If at some point any of the links in that chain gets broken and someone steals the metaphorical stamp of authenticity they could do a lot of damage with that.

To limit the danger, compromised certificates are revoked all the time and your computer will check any certificate against the list of stuff that you shouldn’t trust any longer.

Similarly all certificates come with an expiry date, so finding a valid certificate from years ago will not help any hackers.

The expiration is a bit of a problem however.

If the people who run the website forget to renew the certificate before it expires, anyone visiting the site gets a message that the website doesn’t have a valid certificate and that they might not be trustworthy.

You can think of it like a personal ID or passport that guarantees who you say you are. Those expire eventually.

If you try to travel abroad on an expired passport you will encounter problems. The passport may have been genuine, but it is no longer valid and they won’t let you in.

Anonymous 0 Comments

It’s actually pretty easy to create a website that pretends to be another. You can name a link whatever you want, and there are ways to spoof what a browser shows in its address bar.

Tricking people into going to a perfect replica of their bank’s website, and putting in their username/password to “log in,” is an incredibly common way of stealing someone’s real bank account, for example.

To prevent this, the internet has created ways for sites to prove they are real, with what is basically a certificate or “signature” type system. But to do this, sites have to basically buy a certificate of proof, and remember to renew that certificate every so often.

If you go to a site and get this error, it means the certificate check failed. Now, maybe it’s just because the website owner forgot to renew their certificate or messed up. But it could also mean it failed because it’s a fake site, pretending to be someone else.

So either the website owner is malicious, or incompetent. Either way, it’s not a good look.
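The failure reasons named in the answers above (expired certificate, name that no longer matches, issuer nobody trusts) can be shown as a small checker. This is an added example, not code from any of the posters; the certificate, its names and dates, and the `TRUSTED_ISSUERS` set are constructed, and the issuer check is a name-only stand-in for the signature chain a real browser verifies.

```python
import ssl

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# host names, issuer name and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("commonName", "Example Intermediate CA"),),),
    "notBefore": "Jan  1 00:00:00 2023 GMT",
    "notAfter": "Apr  1 00:00:00 2023 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
}

# Hypothetical stand-in for the trust store. A real client verifies a
# cryptographic signature chain up to a trusted root, not just a name.
TRUSTED_ISSUERS = {"Example Intermediate CA"}


def name_matches(pattern, host):
    """Exact match, or a leading '*' that covers exactly one label."""
    p = pattern.lower().split(".")
    h = host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def why_rejected(cert, host, now):
    """Return the reasons a browser-like client would refuse this certificate.

    `now` is seconds since the epoch; an empty list means every check passed.
    """
    reasons = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        reasons.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        reasons.append("expired")
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, host) for n in names):
        reasons.append("name mismatch")
    issuer = dict(rdn[0] for rdn in cert["issuer"]).get("commonName")
    if issuer not in TRUSTED_ISSUERS:
        reasons.append("untrusted issuer")
    return reasons
```

Any non-empty result corresponds to the browser showing the warning instead of the page; the check does not distinguish a forgotten renewal from an impostor, which is why both get the same error.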
