Validate an SSL Certificate

As discussed in SSL Certificates, prior to submitting your username and password, you should first confirm that you are indeed transmitting your username and password to the legitimate VTS/IS, and not an imposter. To do so, you must check the SSL certificate provided by the VTS/IS to ensure it is valid. Although Microsoft Internet Explorer performs positive validation of the integrity of the received certificate, we recommend that you adopt the following measure as a secondary validation check.

When you visit a secure web site, it automatically sends you its certificate, and Internet Explorer displays a lock icon on the status bar. To review the certificate information, double-click the gold lock symbol in Microsoft Internet Explorer's status bar. A dialog opens and identifies the entity that issued the certificate, the entity owning the certificate, the date it was issued, and the date it expires. You should verify that the certificate does indeed state the correct owning entity (i.e. the <host+domain> name that you specified in the URL should exactly match the "Issued to:" field displayed in the certificate dialog.

For example, a valid certificate for a <host+domain> of computer.trihedral.com would be displayed as:

You should also check the Certification Path tab on the certificate to ensure that the certificate issuer is trusted. A good trust relationship causes the dialog to display a certificate status of OK and looks like: