Last Updated August 21 2023: When establishing a secure HTTPS connection with a server, a browser must validate that the certificate sent by the server is valid — that is to say, that: In the past, Chromium running on Windows delegated this validation task to APIs in the operating system, layering a minimal set ofContinue reading “TLS Certificate Verification Changes in Edge”
Tag Archives: certificates
HTTPS Goofs: Forgetting the Bare Domain
As I mentioned, the top failure of HTTPS is failing to use it, and that’s particularly common in in-bound links sent via email, in newsletters, and the like. Unfortunately, there’s another common case, whereby the user simply types your bare domain name (example.com) in the browser’s address bar without specifying https:// first. For decades, manyContinue reading “HTTPS Goofs: Forgetting the Bare Domain”
Certificate Revocation in Microsoft Edge
When you visit a HTTPS site, the server must present a certificate, signed by a trusted third-party (a Certificate Authority, aka CA), vouching for the identity of the bearer. The certificate contains an expiration date, and is considered valid until that date arrives. But what if the CA later realizes that it issued the certificateContinue reading “Certificate Revocation in Microsoft Edge”
Practical Time Machines
Many “emergency” situations in our modern world would’ve been easy to fix had they been foreseen in advance. If only we’d known what was going to happen, the badness could’ve easily been prevented. Unfortunately, when problems are discovered only “as they happen” in production, everyone must race to minimize the damage and put out theContinue reading “Practical Time Machines”
Inspecting Certificates in Edge
Curious about how to see a website’s HTTPS certificate in Microsoft Edge? You’ve got two options: A companion post to 2017’s post Inspecting Certificates in Chrome.
text/plain 