Monday, July 31, 2006

Garden Certificate - Microsoft MVP Site


In "Garden Certificate Basics", I provided background information about Website Certificates, including an example of a highly questionable website using a false certificate. This was brought about by a question a visitor to this site raised when presented with a Certificate for mvp.support.microsoft.com, which is linked in my first blog entry, "About Me".

In order to demonstrate how to examine a safe certificate, I deleted the certificate for mvp.support.microsoft.com from my computer. After closing the browser and reopening the link for this blog site, I was immediately presented with the certificate notice below. This gave me the option to accept the certificate permanently, to accept the certificate just for the session, or to reject the certificate and not connect to the site.
Note that the pre-selected option is to temporarily accept the certificate for the session:


I had one additional choice: to Examine the Certificate. That is the option I selected, which opened the Certificate Viewer. Note the information presented: "Could not verify this certificate because the issuer is unknown." That does not mean that the site is not safe. The statement merely reflects that mvp.support.microsoft.com (in this instance) is not a recognized authority. Additionally note, however, the Common Name (CN) on the Certificate: mvp.support.microsoft.com.


Observe on the detail screen that the Certificate Hierarchy is indicated as mvp.support.microsoft.com. That matches the site URL linked in the previously mentioned blog entry, "About Me".

With those details, that is, the Common Name (from the General tab) and the Certificate Hierarchy both matching the URL for the MVP site, you know that it is safe to close the Certificate Viewer and accept the certificate.
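
As an added example (not part of the original post), the Python sketch below reproduces what was read off the Certificate Viewer above: the hierarchy, whether the issuer is recognized, and whether the Common Name matches the site. The certificates are constructed dicts rather than parsed X.509, trust is decided by issuer name only, and the function names and example.test entries are assumptions made for the illustration.

```python
# Added illustration: certificates are constructed dicts, not parsed X.509,
# and "trust" is a name lookup (a real validator verifies signatures).

def build_hierarchy(leaf, pool):
    """Follow issuer names upward from the leaf, like the viewer's hierarchy pane."""
    by_subject = {c["subject_cn"].lower(): c for c in pool}
    chain, current = [leaf], leaf
    while current["issuer_cn"].lower() != current["subject_cn"].lower():
        parent = by_subject.get(current["issuer_cn"].lower())
        if parent is None or parent in chain:  # issuer not available, or a loop
            break
        chain.append(parent)
        current = parent
    return chain

def name_matches(host, cn):
    """Case-insensitive comparison; a leading '*.' covers exactly one label."""
    host, cn = host.lower().rstrip("."), cn.lower().rstrip(".")
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return host == cn

def review(host, leaf, pool, trusted_roots):
    """Return the viewer's findings as separate, independent results."""
    chain = build_hierarchy(leaf, pool)
    top = chain[-1]
    trusted = {name.lower() for name in trusted_roots}
    return {
        "hierarchy": [c["subject_cn"] for c in chain],
        "name_matches": name_matches(host, leaf["subject_cn"]),
        "issuer_known": top["issuer_cn"].lower() in trusted,
        "self_issued": leaf["issuer_cn"].lower() == leaf["subject_cn"].lower(),
    }

# Constructed sample data. The first entry mirrors the post: the hierarchy is
# the site's own name and no recognized authority issued it.
TRUSTED = {"Example Root CA"}
MVP = {"subject_cn": "mvp.support.microsoft.com", "issuer_cn": "mvp.support.microsoft.com"}
LEAF = {"subject_cn": "www.example.test", "issuer_cn": "Example Issuing CA"}
POOL = [
    {"subject_cn": "Example Issuing CA", "issuer_cn": "Example Root CA"},
    {"subject_cn": "Example Root CA", "issuer_cn": "Example Root CA"},
]

if __name__ == "__main__":
    print(review("mvp.support.microsoft.com", MVP, [], TRUSTED))
    print(review("www.example.test", LEAF, POOL, TRUSTED))
```
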

