It may sometimes be useful for security purposes to make sure that you are connected to the right website, and not a spoofed copy of it. While this may be less of an issue at home, you may run into all sorts of troubles when you are using public Internet connections.
It is rather difficult on first sight to make sure that you are really connected to the right secure website and not a copy that traffic gets redirected to. This can for instance be done by spoofing a site's certificate
One of the options that you have in regards to https connections is to use fingerprints for verification, as fingerprints cannot be spoofed. So to make sure you are on the right site, you compare the fingerprint of its certificate in your browser against a trusted source that provides you with fingerprint records of its own.
Each web browser handles this in a different way:
Now that you know how to look up the fingerprint of a website's or server's certificate, it is time to compare the fingerprint using a second source.
The GRC website can be used for that purpose. Just visit the fingerprint page on it and either look at one of the popular fingerprints at the top, or enter the website you want to retrieve the certificate fingerprint for below in the form.
All you have to do is compare the fingerprint displayed in the web browser to the certificate pulled by the script on the GRC website.
As a side note: Make sure the GRC website shows a green listing and lock icon in Firefox, Chrome or Opera, as this is an indicator of an authentic Extended Validation Certificate.
Once you have have compared the fingerprint that is displayed in your web browser of choice to the fingerprint that the GRC website provides you with, you know that the connection is either valid or spoofed.
Exception: Companies may use multiple certificates which all come with their unique fingerprint. Depending on which server you are connected to, it may mean that the certificate differs even if you are connected to the real website or server.
The technique is ideal to make sure you are connected to the right secure website. While it may not provide you with a definitive answer that a certificate is spoofed if fingerprints do not match, it still may make you more cautious because of it.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.