2.11 Given a scenario, configure relevant security settings in a browser.
📘CompTIA A+ Core 2 (220-1202)
1. What is a Secure Website or Secure Connection?
A secure website is a website that protects data while it is being sent between a user’s browser and a web server.
In a browser, a secure connection is usually identified by:
- HTTPS instead of HTTP
- A padlock icon in the address bar
HTTPS means that the website is using encryption to protect data such as:
- Login usernames and passwords
- Form data
- Payment or personal information
For the exam, you must understand that HTTPS = secure connection.
2. What Is a Digital Certificate?
A digital certificate is a file used to prove that a website is genuine and secure.
A certificate:
- Confirms the identity of the website
- Enables encrypted communication
- Prevents users from connecting to fake or malicious websites
Digital certificates are a key part of browser security.
3. What Is a Valid Certificate?
A valid certificate means the browser trusts the website.
A certificate is considered valid when:
- It is issued by a trusted Certificate Authority (CA)
- It has not expired
- It is being used for the correct website name
- It has not been revoked
- The certificate chain is complete and trusted
If all checks pass, the browser shows:
- A padlock icon
- No security warnings
4. Certificate Authority (CA)
A Certificate Authority (CA) is a trusted organization that issues digital certificates.
Examples of trusted CAs (exam-level knowledge):
- Public certificate providers trusted by operating systems and browsers
Browsers automatically trust certificates issued by CAs that exist in their trusted root certificate store.
Important Exam Point
If a certificate is not issued by a trusted CA, the browser will show a warning.
5. How Browsers Use Certificates
When a user visits an HTTPS website, the browser:
- Checks the website’s certificate
- Verifies the issuing CA
- Confirms the certificate is valid and not expired
- Confirms the website name matches the certificate
- Creates an encrypted session
If any check fails, the connection is not trusted.
6. Common Certificate Problems (Very Important for Exam)
1. Expired Certificate
- Certificates have an expiration date
- An expired certificate is not trusted
- Browser shows a security warning
2. Untrusted Certificate Authority
- Certificate issued by an unknown or private CA
- Browser cannot verify trust
- Common in test or internal environments
3. Name Mismatch
- Website address does not match the certificate
- Example: certificate issued for siteA.com but user accesses siteB.com
- Browser blocks or warns
4. Revoked Certificate
- Certificate is canceled by the CA
- Often due to compromise or misuse
- Browser treats it as unsafe
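The checks from sections 5 and 6, modeled as an added example (not part of the original study guide). It runs over constructed certificate records shaped like the output of Python's `ssl` `getpeercert()`; the trust store, revocation list, host names and helper names are hypothetical, and trust and revocation are simplified to lookups, whereas a real browser verifies the signature chain and checks revocation with the CA.

```python
import ssl
from datetime import datetime, timezone

def name_matches(hostname, pattern):
    """True if hostname matches one DNS name; '*' may stand for the leftmost label only."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def certificate_problems(cert, hostname, trusted_issuers, revoked_serials, now):
    """Return the list of checks from sections 5 and 6 that this certificate fails."""
    problems = []
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    issuer = dict(pair for rdn in cert["issuer"] for pair in rdn)
    if issuer.get("commonName") not in trusted_issuers:
        problems.append("untrusted CA")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(hostname, n) for n in dns_names):
        problems.append("name mismatch")
    if cert["serialNumber"] in revoked_serials:
        problems.append("revoked")
    return problems

# Constructed sample data (not from the page): hypothetical trust store, revocation list, certs.
TRUSTED = {"Example Public Root CA"}
REVOKED = {"0BAD"}
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)

def make_cert(issuer_cn, not_after, names, serial="01"):
    return {"issuer": ((("commonName", issuer_cn),),),
            "notBefore": "Jan  1 00:00:00 2025 GMT", "notAfter": not_after,
            "subjectAltName": tuple(("DNS", n) for n in names), "serialNumber": serial}

GOOD = make_cert("Example Public Root CA", "Dec 31 23:59:59 2025 GMT", ["sitea.example", "*.sitea.example"])
EXPIRED = make_cert("Example Public Root CA", "Mar  1 00:00:00 2025 GMT", ["sitea.example"])
INTERNAL = make_cert("Internal Test CA", "Dec 31 23:59:59 2025 GMT", ["sitea.example"])
REVOKED_CERT = make_cert("Example Public Root CA", "Dec 31 23:59:59 2025 GMT", ["sitea.example"], "0BAD")

if __name__ == "__main__":
    for label, cert, host in [("good", GOOD, "www.sitea.example"), ("expired", EXPIRED, "sitea.example"),
                              ("internal CA", INTERNAL, "sitea.example"), ("mismatch", GOOD, "siteb.example"),
                              ("revoked", REVOKED_CERT, "sitea.example")]:
        print(f"{label:12} {host:20} -> {certificate_problems(cert, host, TRUSTED, REVOKED, NOW) or 'trusted'}")
```

Each failing check maps to one of the four problems listed above; an empty result corresponds to the padlock with no warnings.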
7. Browser Security Warnings and Errors
When a certificate is invalid, browsers may display messages such as:
- “Your connection is not secure”
- “Certificate not trusted”
- “Certificate expired”
- “Site identity cannot be verified”
For the exam:
- These warnings mean the certificate is invalid
- Users should not proceed unless they trust the source
8. Managing Certificates in a Browser (Exam Knowledge)
Browsers allow users or administrators to:
- View certificate details
- Check expiration dates
- See the issuing CA
- Manage trusted certificates
In enterprise environments:
- Organizations may install internal certificates
- Browsers must trust the internal CA for connections to be secure
9. HTTPS vs HTTP (Quick Exam Comparison)
| Feature | HTTP | HTTPS |
|---|---|---|
| Encryption | No | Yes |
| Certificate | Not used | Required |
| Secure | No | Yes |
| Exam Recommendation | Avoid | Always use |
For the exam, HTTPS is always preferred.
10. Why Valid Certificates Matter (Exam Focus)
Valid certificates:
- Protect data in transit
- Prevent man-in-the-middle attacks
- Ensure users are connecting to legitimate websites
- Are required for secure logins and transactions
Invalid certificates:
- Indicate a security risk
- Trigger browser warnings
- Should not be ignored in secure environments
11. Key Exam Takeaways (Must Remember)
- HTTPS means a secure, encrypted connection
- A valid certificate is trusted, current, and correctly issued
- Browsers rely on trusted Certificate Authorities
- Certificate errors = security risk
- Expired, revoked, or untrusted certificates are invalid
- Secure websites always require valid certificates
Final Exam Tip
If the question mentions:
- Padlock missing
- Certificate warning
- Untrusted site
- Expired certificate
👉 The correct answer is related to invalid or untrusted certificates.
