Does SSL certification have anything to do with the website's legitimacy? Are those websites which has it are under some kinda monitoring? Generally speaking, can a company say they follow the law because their website has SSL certification?
Asked
Active
Viewed 970 times
15
-
Possible duplicate of [How does SSL/TLS work?](http://security.stackexchange.com/questions/20803/how-does-ssl-tls-work) – Deer Hunter Mar 10 '16 at 21:12
2 Answers
23
No.
You are confusing an SSL / TLS certificate with some kind of standards-compliance certification from either government or industry (ex.: ISO-9000).
A TLS Certificate:
- Is used only for encrypting connections from one computer to another.
- Links your public key to your server's domain name so that a web browser knows that it is talking to the correct server.
- To get it, all you have to do is prove that you own the server and the domain name.
- The people who give out TLS certificates absolutely do not care what you do with the certificate after you have it (that's not their job).
A standards-compliance certification:
- Is used for showing that your company is accountable and trustworthy.
- Shows that the people in your company follow a set of rules in their day-to-day business (either government rules, or industry rules like an ISO certification).
- To get it, auditors come to your workplace and observe that your people do things according to the rules.
- Standards bodies will continue to audit your company, and you can lose your certification if you stop following the rules or do something bad.
Mike Ounsworth
- 57,707
- 21
- 150
- 207
-
9**EV** (Extended Validation) certificates -- the ones that show a green bar or icon in (most?) browsers -- do check that your company or organization actually *exists*; e.g. a cert for BobsBarbecue.com requires you control the domainname *and* you are registered with your country or state etc as Bob's Barbecue Ltd. It (still) does NOT check if you are honest and/or competent, i.e. whether your customers will actually get delicious BBQ, food poisoning, or nothing at all. – dave_thompson_085 Mar 11 '16 at 11:26
3
Assuming OP meant "legitimacy" instead of "legibility":
No, having an SSL certificate does not mean a website is good behaving. It just means you have proved ownership of the domain name.
Now that Let's Encrypt offers free, and easy, to acquire SSL certificates, malvertisements over HTTPS have increased greatly. Source
d1str0
- 2,348
- 14
- 24
-
2d1str0's answer is correct. The use of SSL Certificates has no bearing on the content hosted. The content of a website can literally be anything malicious or not. – Trey Blalock Mar 10 '16 at 21:28