There’s much more than a padlock to check for when looking for a valid SSL certificate…

If you don’t have a valid SSL certificate on your website, the users coming to your website will be shown a pesky error that’s highly likely to scare them away. Nobody wants that, and that’s why most websites are now equipped with SSL/TLS security. If you have a website, you need a valid SSL certificate – it’s as simple as that. Many website owners install SSL/TLS certificates on their websites, but they forget to check whether they’ve installed a valid SSL certificate or not. In other words, they don’t verify if they have installed the certificate correctly.

We know that sounds very stupidly obvious, but it’s the case with many websites. But that’s why we’re here. In this article, we’ll help you know whether you’ve installed the SSL/TLS certificate correctly or not. We’ve divided this process into a series of steps that you’ll need to perform. After these steps, you’ll have complete knowledge of your SSL/TLS certificate installation and know if you have a valid SSL certificate!

Let’s get started!

What Is A Valid SSL Certificate

An SSL certificate is a digital certificate that authenticates the website owner’s identity and establishes a secure communication channel between the server and the client. A valid SSL certificate is an SSL certificate that has not expired, suspended, revoked, or invalid due to any other reason.

How To Know If SSL Is Working?

It is very easy to know if SSL is working by following the simple steps given below:

• Click on the padlock button on the address bar
• Click on the “Certificate (Valid)” option
• Check “Valid from – to” dates
• Click on the “Details” section to know more details about the certificate

How Do You Know If You Have An SSL Certificate

The simplest answer to the question, “How do you know if you have an SSL certificate?” is to check if the website has a padlock icon on the address bar. If you want to know the validity period of the SSL certificate, you can click on the padlock icon. If you want to know more details about the certificate, you can click on the “Certificate (Valid)” button and then go to the “Details” section.

Checking for a Valid SSL Certificate Step 1: Do You Have an SSL Certificate From a Trusted Certificate Authority (CA)?

The first thing you need to check about your SSL certificate is whether it’s a self-signed SSL certificate or it’s from a trusted certificate authority. If it’s a self-signed SSL certificate, then it’ll result in a security warning. You don’t want that, do you? That’s why we always recommend you to get an SSL certificate from a trusted certificate authority (CA).

Checking for a Valid SSL Certificate Step 2: Visit Your Website and Check for the Padlock in the Address Bar

Once you have an SSL certificate from a trusted certificate authority, the first thing you need to check for is the HTTPS padlock in the URL. This padlock is the indicator that SSL/TLS security is in place. If you see the padlock when visiting the website, then it indicates that an SSL/TLS certificate has been installed (not necessarily correctly). Click on the padlock and click on the option that is labeled “certificate” or something similar, and check for its validity.

Move to the next step only if you see the padlock, and the validity is the same as the certificate you installed. If not, you’ll need to install your SSL/TLS certificate correctly.

Checking for a Valid SSL Certificate Step 3: Check Your SSL Certificate Installation in Depth

If you see the padlock in the address bar of your website, then it’s undoubtedly a good thing. However, that’s not enough as there could be an underlying problem with your SSL/TLS certificate installation. That’s why you’ll need to run an in-depth test that will cover SSL installation from every angle. To do so, you’ll need to go to SSL Labs, and check your website.

What Could be Wrong with My SSL/TLS Certificate Installation?

SSL/TLS is like a flight that has a lot of moving parts. You need to check for each part before the plane takes off. If not checked, there could be a plane crash coming your way. That’s why we recommend checking for the below-mentioned pitfalls that are usually responsible for an invalid SSL/TLS certificate.

Self-Signed SSL Certificate: Browsers will show a security warning if the SSL/TLS certificate is signed by yourself, and not by an authorized SSL/TLS certificate authority. These certificates are known as “self-signed certificates.”

Disapproved Certificate Authority (CA): If the SSL/TLS certificate authority (CA) isn’t valid, it won’t be recognized by the browser. This will result in a security warning that you don’t ever want to see on your website.

Expired SSL Certificate: If the SSL/TLS certificate has been expired, then the browsers will consider it to be invalid.

Mixed Content: If the website has content/resources that are not secure over HTTPS/SSL, then this is also a significant issue. What’s the point of installing an SSL certificate if the entire website isn’t protected by it?

Server Supports Insecure Protocols: If your website server still runs on the older, broken protocols, then it’s definitely a matter of concern. Your website is at risk as long as you’re using those protocols.

Final Comment

What’s the point of carrying a sword for self-defence if you don’t know how to use it? Similarly, there’s no point in just “installing” an SSL certificate if you don’t know it’s a valid SSL certificate. You need to know whether your sword is good enough, and you need to learn how to use it.