Certificates

3.5 Given a scenario, configure and use web browsers.

📘CompTIA ITF+ (FC0-U61)


When you visit a website, your browser needs to ensure that the website is legitimate and that the connection is secure. This is done using digital certificates, also called SSL/TLS certificates. Certificates are a way of proving that a website is who it says it is and that data sent between you and the website is encrypted.

Think of certificates as digital ID cards for websites.


1. What is a Certificate?

A certificate is a small piece of data issued by a Certificate Authority (CA). It contains:

  • The website’s name (domain name)
  • The public key used for encryption
  • The certificate authority that issued it
  • Validity dates (start and expiration)
  • Other identifying information

When a browser sees a certificate, it checks whether it is trusted and valid before allowing a secure connection (HTTPS).


2. Valid Certificates

A valid certificate means the website is trustworthy and secure. A browser will accept it without warnings.

A certificate is valid if:

  1. Issued by a trusted Certificate Authority (CA)
    • Browsers maintain a list of trusted CAs.
    • If the certificate comes from one of these CAs, the browser trusts it.
  2. Current and not expired
    • Certificates have a start date and an end date.
    • If the certificate is within its valid period, it’s valid.
  3. Domain matches
    • The certificate must be issued for the domain you are visiting.
    • Example: A certificate for example.com cannot be used for abc.com.
  4. Not revoked
    • Sometimes certificates are revoked if they are compromised. Browsers check for revocation using CRL (Certificate Revocation List) or OCSP (Online Certificate Status Protocol).

Browser behavior with valid certificates:

  • Shows a padlock icon in the address bar.
  • Uses HTTPS, ensuring that data is encrypted.
  • Allows the user to interact safely with the site.

3. Invalid Certificates

An invalid certificate means there is a problem, and the browser cannot fully trust the website. Accessing a site with an invalid certificate can be risky because your data could be intercepted or the site might be impersonating another site.

A certificate can be invalid if:

  1. Expired
    • Certificates are only valid for a set time (e.g., 1 year).
    • After expiration, the browser warns the user that the certificate is no longer valid.
  2. Domain mismatch
    • If the certificate was issued for siteA.com but you are visiting siteB.com, the browser flags it.
  3. Not issued by a trusted CA
    • If a certificate is self-signed (created by the website owner) or issued by an untrusted CA, the browser warns the user.
  4. Revoked certificate
    • If the certificate was compromised or misused, the CA can revoke it.
    • Browsers check online and warn users if the certificate is revoked.

Browser behavior with invalid certificates:

  • Shows a warning page or red padlock.
  • May prevent access entirely or allow the user to proceed at their own risk.
  • Alerts the user that the connection is not fully secure.
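
The four checks from sections 2 and 3, as an added example (not part of the original guide). It is a simplified model: the certificate is a constructed dictionary in the layout returned by Python's `ssl.SSLSocket.getpeercert()`, and `TRUSTED_CAS` and `REVOKED_SERIALS` are hypothetical stand-ins for the browser's trust store and a CA's revocation list. A real browser verifies the CA's cryptographic signature rather than comparing names.

```python
import ssl

# Constructed stand-ins for the browser's trusted-CA list and a CA's CRL.
TRUSTED_CAS = {"Example Trusted CA"}
REVOKED_SERIALS = {"0BAD"}

def host_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_certificate(cert, host, now):
    """Return the list of failed checks; an empty list means 'valid'."""
    problems = []
    # Simplification: trust is decided by issuer name, not by signature.
    issuer = dict(rdn[0] for rdn in cert["issuer"]).get("commonName")
    if issuer not in TRUSTED_CAS:
        problems.append("untrusted CA")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        problems.append("expired or not yet valid")
    names = [value for kind, value in cert["subjectAltName"] if kind == "DNS"]
    if not any(host_matches(name, host) for name in names):
        problems.append("domain mismatch")
    if cert["serialNumber"] in REVOKED_SERIALS:
        problems.append("revoked")
    return problems

# Constructed sample certificate (not taken from any real site).
SAMPLE = {
    "issuer": ((("commonName", "Example Trusted CA"),),),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Jan 15 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "serialNumber": "1A2B",
}
NOW = ssl.cert_time_to_seconds("Jun 15 00:00:00 2024 GMT")    # inside validity
LATER = ssl.cert_time_to_seconds("Jun 15 00:00:00 2025 GMT")  # after expiry

if __name__ == "__main__":
    print(check_certificate(SAMPLE, "www.example.com", NOW))  # []
    print(check_certificate(SAMPLE, "abc.com", NOW))          # ['domain mismatch']
    print(check_certificate(SAMPLE, "example.com", LATER))    # ['expired or not yet valid']
```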

4. Why Certificates Matter in IT

In an IT environment, certificates are critical for:

  • Securing web applications (e.g., intranet portals, e-commerce sites)
  • Encrypting sensitive data (login credentials, payment information)
  • Authenticating servers (proving the server is legitimate)
  • Preventing man-in-the-middle (MitM) attacks, where attackers intercept data

IT staff must manage certificates properly:

  • Ensure all websites and services have valid certificates
  • Renew certificates before they expire
  • Use certificates from trusted CAs; use self-signed certificates only for internal testing
  • Monitor for revoked certificates and replace them immediately

5. Summary Table

| Certificate Type | What it Means | Browser Action |
|---|---|---|
| Valid | Trusted, current, domain matches, not revoked | Shows padlock, HTTPS, safe to use |
| Invalid | Expired, domain mismatch, untrusted CA, revoked | Warning page, red padlock, may block access |

Exam Tips:

  • Remember that HTTPS depends on valid certificates.
  • Browsers check validity automatically; if there’s a problem, the user is warned.
  • Invalid certificates are security risks, even if the site looks normal.