Transport Layer Security (TLS) secure website certificates verify the integrity of both the ownership and information of websites you visit. This article explains how it works.
What websites use certificates?
Websites whose addresses start with https use TLS server certificates. Websites using TLS server certificates are secure only insofar as they provide assurance of two things:
- The website administrator owns or has control over the domain name, ensuring users connect to the legitimate site and not a spoofed or malicious copy of the website.
- Data exchanged over TLS between the browser and the website is encrypted to protect it against eavesdropping and against tampering by unauthorized parties.
Chain of trust
Browsers such as Firefox verify certificates through a hierarchy called a chain of trust. It defines a structure for browsers and other programs to verify certificate integrity. It's a list of three certificates:
- The root (trust anchor) certificate
- The intermediate certificate
- The TLS server (end entity) certificate
Let's define them: the root certificate belongs to the Certificate Authority (CA), which issues TLS server certificates and which the browser inherently trusts; the intermediate certificate acts as an intermediary (certificate-issuing CA) between the root CA and the website; the TLS server certificate is issued to the entity or organization that demonstrates control over the website's domain.
TLS server certificates rely on public key cryptography in which an asymmetric key pair has two mathematically related keys:
- Private Key: This key is kept secret by its owner and is used for cryptographic operations such as signing data (including certificates) or decrypting information encrypted with the public key.
- Public Key: This key is shared publicly and is used to verify signatures created by the private key or to encrypt information that only the private key can decrypt.
Public key certificates contain the following information:
- Details about the Certificate Authority (CA) that issued the certificate
- A public key belonging to the organization that received the certificate
- Identifying details about the organization that holds the private key (see Certificate content below; for TLS, this is primarily the domain name of the website)
Now, we can describe how Firefox determines whether a website is secure.
How does Firefox verify certificate integrity?
Here is how Firefox uses the chain of trust to verify TLS server certificates:
- Firefox downloads the certificate of the website you visited.
- Firefox checks the certificate against its internal database of trusted Certificate Authorities (CAs).
- It uses the public key of the root CA certificate to ensure that the root certificate and intermediate certificate have been properly signed down the chain to the TLS server certificate that the website has provided.
- Firefox checks the information in the certificate to ensure that the website you're connected to matches the website listed in the certificate.
- Firefox generates a symmetric (single) key for encrypting HTTP traffic for the connection.
- Firefox encrypts the symmetric key with the public key of the server, which is found in the server certificate.
- The private key, which is on the web server, decrypts the necessary connection data to complete what is known as the TLS handshake.
Secure communication can then occur between Firefox and the website.
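The trust-store, signature-chain and name-matching checks in the steps above, shown as an added example that is not part of the original article and is not Firefox's code: it runs Go's standard crypto/x509 verifier over a constructed root, intermediate and TLS server certificate. All names (Example Root CA, www.example.test and so on) are made up, and key usage extensions are left out to keep it short.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue makes a constructed certificate signed by parent (self-signed if nil); a nil dns list marks a CA.
func issue(cn string, dns []string, parent *x509.Certificate, pk *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))), Subject: pkix.Name{CommonName: cn},
		DNSNames: dns, IsCA: dns == nil, BasicConstraintsValid: true, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk))
	return must(x509.ParseCertificate(der)), key
}

var root, rootKey = issue("Example Root CA", nil, nil, nil)
var inter, interKey = issue("Example Intermediate CA", nil, root, rootKey)
var leaf, _ = issue("www.example.test", []string{"www.example.test"}, inter, interKey)
var otherRoot, _ = issue("Unrelated Root CA", nil, nil, nil)

// verify matches host against the leaf, then checks signatures and validity from leaf through inter to anchor.
func verify(host string, anchor *x509.Certificate) error {
	opts := x509.VerifyOptions{DNSName: host, Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
	opts.Roots.AddCert(anchor) // the only trust anchor, standing in for the browser's CA database
	opts.Intermediates.AddCert(inter)
	_, err := leaf.Verify(opts)
	return err
}

func main() {
	fmt.Println("trusted root, right host:", verify("www.example.test", root))
	fmt.Println("trusted root, wrong host:", verify("login.example.test", root))
	fmt.Println("unknown root, right host:", verify("www.example.test", otherRoot))
}
```

Only the first case returns no error; the other two fail for different reasons (name mismatch versus an issuer that does not lead to a trusted root), which is the distinction the certificate error pages report.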
Viewing a certificate
To view a certificate, follow these steps:
- Click on the padlock icon in the address bar.
- In the Site Information panel that opens, click on .
- In the next panel, click on
- In the Page Info window that opens, click on .
Firefox will now open the about:certificate page to display information about the certificate for the website you're on.
The three tabs show, from left to right, the TLS server certificate, the intermediate certificate and the root certificate.
Certificate content
TLS server certificates contain the following information:
- Subject: Contains optional attributes, such as the website name and other information about the organization owning the certificate.
- Issuer: Identifies the CA entity that issued the certificate.
- Validity: Shows how long the certificate is valid for.
- Subject Alt Name Extension: Lists the website addresses that the certificate is valid for.
- Public Key Info: Lists attributes of the public key of the certificate.
- Serial Number: Uniquely identifies the certificate.
- Signature Algorithm: Algorithm used to create the Signature.
- Fingerprints: Hash of the certificate file in DER binary format.
- Key Usage and Extended Key Usage: Specify how people can use the certificate, such as for performing TLS web server authentication.
- Subject Key ID: An identifier generated from the TLS certificate's public key as a way to identify the certificate.
- Authority Key ID: An identifier generated from the CA's public key as a way to identify the public key corresponding to the private key used to sign the certificate.
- CRL Endpoints: The locations of the Certificate Revocation List (CRL) of the issuing CA.
- Authority Info: Contains the validation method for the certificate authority and the intermediate certificate file.
- Certificate Policies: Contains pointers to the type of TLS certificate it is (e.g. information verified when the certificate was issued).
- Embedded SCTs: Lists the Signed Certificate Timestamps (SCTs).
Problematic certificates
When you visit a website whose address starts with https and there is a problem with the TLS certificate, an error page will display. The What do the security warning codes mean? article describes common certificate errors.
To view the problematic certificate, follow these steps:
- On the warning page, click
- Click on View Certificate.
The bad certificate will now display.