Why do web browsers (like Firefox and IE) complain of insecure connection issues whenever they visit URLs from sites I link via https


As an example, click on https://www.sciencedaily.com/releases/2012/04/120430140033.htm

Normally, I use Chrome to force all of the sites I visit to go through https, so the links I click are also https links. I could remove the "s" in https but I hate added friction.

Best Answer

Open the certificate and you'll find out what the problem is:

enter image description here

The certificate was issued by an authority that is not (or no longer) trusted.

This means the authority could have been compromised and the server you're talking to isn't the one you think. Someone might have just created a duplicate of the certificate of the original server and signed it with the compromised CA key.

Encryption is only half the game. You also have to ensure that your encrypted data go to whomever you want!

Or it could just mean that whoever runs the server used a self-signed certificate to provide only encryption without any means of party verification.

Related Question