It seems more and more of the general population is starting to take notice of SSL. They expect websites to use it (and are quick to point out when they’re not).
Beyond just triggering the padlock and HTTPS in browsers, there’s quite a bit more going on within the details of an SSL Certificate.
What Can You Learn from Digging into the Certificate Details?
There’s a lot of information in a certificate, including basic things like:
- Validity Period.
- Issuing Certificate Authority (CA).
- Subject (the domain it was issued to and depending on the type of certificate, identifying information about the company operating the site).
Certificate contents also cover technical aspects, such as:
- Key Usage.
- CRL Information.
- Signing and Hashing Algorithms Underlying the Encryption.
This information can be found from right within your browser! Clearly, the importance of these things is going to vary person to person and I don’t expect everyone to start diving into the certificate of every site they visit, but I do want to raise awareness that this type of information exists and how to find it. So let’s get to it.
How to View SSL Certificate Details
Chrome – Desktop (v.63)
Chrome has brought back the ability to access certificate details right from the main browser interface.
1. Click the padlock in the URL bar. This will trigger a dropdown; click the “Valid” link in the Certificate section.
2. This will bring up the Certificate window where you can click through to your heart’s content. Certificate contents (e.g. subject, validity period, algorithms) are on the “Details” tab.
Chrome – Mobile
Similar to the desktop version, the Android Chrome app makes it pretty easy to dive into certificate details.
1. Click the padlock icon next to the URL. Then click the “Details” link.
2. From here you can see some more information about the certificate and encrypted connection, including the issuing CA and some of the cipher, protocol, and algorithm information. To view details more details about the certificate itself, including the validity period and subject details, click “Certificate Information”.
3. You can view details for the other certificates in the path by clicking on the dropdown menu highlighted below.
Unfortunately, as of this writing at least, it doesn’t look like you are able to view much of anything about certificates in the iOS version of Chrome. If you click the padlock icon, you can see the name of the CA that issued the certificate, but that’s it.
The latest version of Firefox provides a little more information about the certificate directly in the main browser interface, with the ability to dive into further details with just a few clicks.
1. Clicking the padlock in the address bar brings up a preliminary dropdown that indicates a secure connection when properly configured SSL is in place. Click the arrow to the right of the dropdown to view more information about the certificate.
2. In the case of Extended Validation (EV) Certificates, you can see some identifying information about the organization operating the site. For non-EV Certificates (Domain Validated and Organization Validated), you will only see which Certificate Authority (CA) issued the certificate – the “Verified by:” section at the bottom of the pop-up. Click the “More Information” link to view more details.
3. This brings you to the security details of the page, where you’ll find more information about the website identity (for EV Certificates, the company name will be listed as the owner) and the protocols, ciphers and keys underlying the encryption.
4. If you want even more details about the certificate (and who doesn’t?), just click “View Certificate.” On the “Details” tab, you’ll find the certificate hierarchy and can dig through the certificate fields.
Internet Explorer (v.11)
Like Firefox, IE provides some certificate information from the main interface.
1. Clicking the padlock brings up the issuing CA (“GlobalSign has identified this site as:”) and a note that the connection to the server is encrypted. There is also some identifying information but again this varies between EV vs. non-EV (DV or OV) Certificates. EV Certificates contain the company name and location, while DV and OV only show the domain.
Bad news for Edge users – there is currently no way to view certificate details using the browser. While some information from the certificate is displayed if you click the padlock, including the Root CA the certificate chains up to and some of the subject information, there is unfortunately no way to view the full certificate path or other details such as validity period, signing algorithms, and Subject Alternative Names (SANs). We hope Microsoft adds this functionality into future versions, but until then, here’s how to view the information they do include.
1. Click the padlock to view some information from the certificate.
Safari (v.11) – MacOSX
Note: As of this writing, there is no way to view certificate details in mobile (iOS) Safari.
1. Click on the padlock (you must click the padlock icon specifically; clicking elsewhere will just make the URL appear) to view more details about your connection to the website. If the site is using an EV Certificate, the name of the issuing CA, the company’s name, and the company’s address will also be shown. Click the “Show Certificate” button to view more information.
2. You can now see the certificate path, expiration date, and validity. To view additional details, including subject, signing algorithms, and other certificate goodies, click “Details”.