A note on certificates
As you go through all the optional settings in the Internet Options dialog box, you eventually notice the Certificates section on the Content tab. First, let me just say there's really nothing you need to do, or should do, with those options unless you're specifically instructed to do so by a trusted Web site or certificate authority. Otherwise, it's all handled automatically without any intervention on your part.
But because I am getting into some of the more obscure aspects of secure Web browsing here, it might be worth learning what certificates are about and how they provide secure Web browsing. After all, when it comes to Internet security, knowledge is your best defense.
Here's the basic problem. Virtually all Web traffic takes place in plain text, meaning that no effort is made to disguise or hide the content being transmitted between a Web server and a Web browser. There's no need to disguise it. Most information on the Web is there for public consumption. And there's no need to disguise information that anybody and everybody can access from their own computer.
It's a different story when you make an online purchase and need to send your credit card information to the online store. That kind of information is most definitely not for public consumption. To make sure that it doesn't fall into the wrong hands, credit card information (and some other types of personal information) is encrypted before it's put on the Internet.
Encryption means that the information is encoded in such a way that if someone did manage to intercept it, it would do that person no good because opening the intercepted file would display nothing but meaningless gobbledygook. It can't be deciphered without the appropriate ''secret decoder ring.'' Or, in correct terminology, the interceptor doesn't have the appropriate private key to decode the message. Only the company to which you're sending the sensitive information has that private key.
A certificate is a means of making sure that the whole encryption process stays legitimate and safe. A site that wants to offer secure Web browsing to its customers applies to a company called a Certificate Authority (CA) for a certificate. The company has to prove its legitimacy as a business, have a stable place of business, and have people who will be held criminally responsible for any shenanigans.
When the company gets the certificate, it also gets a public key for encrypting files and a private key for decrypting files. (It's not a physical key; it's a computer file.) The company then sets up a secure Web server that has an https:// address. The s stands for secure.
When you browse to a secure Web site (one that starts with https://), some things happen behind the scenes to protect you. First, the server has to prove it's the actual Web site to your computer by sending its certificate. Your computer then checks the certificate holder's status with the CA to verify that the server is not an imposter and that the business hasn't had its certificate revoked for doing bad things with it.
Note If a certificate holder uses the certificate to commit a crime (such as ripping off customers), the certificate is revoked. You see a warning message not to do business with the site.
The certificate the server sends you also contains the site's public encryption key. So let's say you fill in your credit card information on a form on your screen. Then you click Submit to send it. Before that information leaves your computer, it's encrypted with the site's public key. It remains encrypted until it gets to the already-proven-safe Web server.
When it gets to that safe server, it can be decrypted with the company's private key to complete the transaction. Overall, the whole process is probably much safer than handing your credit card over to an unknown waiter, waitress, gas station attendant, or store clerk.
The trick is knowing when you're on a secure site. The easy way to tell is by looking at the address bar when you're on the page where you conduct the transaction. If its address starts with https://, it's okay. (If you previously chose the option not to see that message anymore, you won't see that message.)
Assuming that you haven't already turned off that message, you also see a message when you leave the secure connection. Also, the address of the page you go to will start with http:// rather than https://.
Both of the preceding messages are just there to keep you informed of when it is, and isn't, safe to send sensitive data across the Internet. If you did turn off those messages and want to see them again in the future, follow these steps:
- Click Tools and choose Internet Options or choose Tools → Internet Options from Internet Explorer's menu bar.
- In the Internet Options dialog box, click the Advanced tab.
- Scroll to the bottom of the list.
- Select the Warn If Changing Between Secure and Not Secure Mode and click OK.
In this tutorial:
- Using Windows 7 Internet Explorer
- Understanding How the Web Works
- Examples of Top-Level Domains and URLs of Web Sites
- Windows Explorer Versus Internet Explorer
- Using Internet Explorer
- Browsing to a Web site
- Using AutoComplete
- Using Back, Forward, and History buttons
- Magnifying a page
- Panes and toolbars
- Full-screen viewing
- Change your default home page
- Using Tabs
- Using Quick Tabs
- Creating multiple home page tabs
- Rearranging and removing home page tabs
- Personalizing tabbed browsing
- Shortcut keys for tabs
- Using Web Slices
- Using Accelerators
- Using RSS Feeds
- Optional settings for RSS feeds
- Using the RSS Feed Headlines gadget
- Managing Favorite Sites
- Adding tab groups to Favorites
- Starting Your Favorites Collection
- Organizing Favorites
- Importing and exporting Favorites
- Blocking Pop-Ups
- Using the Information bar
- When pop-ups still get through
- Using the SmartScreen Filter
- How the SmartScreen Filter works
- Getting the most from the SmartScreen Filter
- Deleting the Browser History
- Clearing AutoComplete entries
- Configuring AutoComplete
- Understanding cookies
- Deleting cookies
- Adjusting cookie privacy settings
- Looking at cookies and privacy policies
- Understanding temporary Internet files
- Clearing temporary Internet files
- Temporary Internet files settings
- A note on certificates
- Using Internet Security Zones
- Printing Web Pages
- Using Print Preview
- Saving Web Pages
- Copying content from Web pages
- Downloading pictures and videos
- Making Internet Explorer Your Default Browser
- Searching the Web
- Choosing search providers
- Choosing a default provider
- Searching from the Search box
- Searching from the address bar
- Getting More with Add-ons
- Managing add-ons
- Internet Explorer Help and Troubleshooting