How to Test an SSL Website

by David Gitonga

Secure Sockets Layer (SSL) is a communication protocol that ensures secure data transmission between client computers and servers. SSL can be used as a sub-layer of regular HTTP and offers secure communication channels called HTTPS (HTTP over SSL). This allows Web page requests to have the same level of protection against eavesdropping and phishing that regular SSL offers. It is important to test whether a website has SSL, since poor implementation of the protocol will result in limited HTTPS effectiveness. To use SSL, a website needs a security certificate installed.

Check that the website URL on the address bar starts with "HTTPS." With HTTPS websites, only the secure server and the client can open sent messages. Even when the message is intercepted, it is still not understandable since only the sender and the recipient know the "code" to decipher the data.

Verify there is a lock icon on the lower-right corner of your browser window. Enable the Status bar to view the lock icon. Double-click the lock icon to view the SSL Certificate as well as other details about the certificate issuer and the domain to which it is issued. Check the name the website the certificate was issued. If the name of the website you are viewing appears next to the "Issued to," then the website is secure using SSL.

Check that the site seal of the Certificate vendor is located on a highly visible location on the site. Certificate vendors like VeriSign, GeoTrust, SSL.com among others who secure online merchant sites will make every effort to ensure the customer sees the site seal. It will not be on a hidden location on the website.

Ensure that the site seal has a stamped date and time. This makes it difficult for scammers to make duplicates.

Click on the site seal or hover your mouse over it. A functionality should display some information about the site, such as website information you are currently viewing.

Warning

  • close A warning will be displayed when a website for which an SSL Certificate was issued fails. This happens when the expiration date has passed, the certificate has been issued by a Certificate Authority the browser does not trust and/or if the certificate is in use by a website for which it was not issued. This is a sure sign that you are viewing a phishing or an insecure website.

About the Author

David Gitonga is a Web designer and has an associate degree in information technology and electronics. He has more than two years of experience in Web design and writing Web content and more than five years of experience in electronics. He has written a number of articles for various websites.

More Articles

Photo Credits

  • photo_camera internet security badge silver image by patrimonio designs from Fotolia.com