Hey everyone, I’ve been trying to understand how SSL/TLS certificates work, and I have a few questions. I get that HTTPS encrypts the connection, but where do SSL and TLS fit into this? Also, I’ve noticed that some websites show a padlock while others don’t, even if they use HTTPS. Does this mean not all HTTPS connections are equally secure?
Are all HTTPS connections secure even with SSL/TLS certificates? (Solved)
Replies (3)
@sybylla, SSL was the original cryptographic protocol used to encrypt communications between browsers and websites. However, it had several security flaws over time, which led to the development of TLS. TLS is the modern standard and is much more secure, but people still refer to it as SSL out of habit.
As for the padlock, it depends on the type of SSL/TLS certificate a website uses. There are different levels of validation such as Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV). If a site has a DV certificate, it will still show a padlock, but it won’t display additional details about the organization, unlike OV or EV certificates.
Also, @aurora I’d like to add that just because a site has HTTPS doesn’t mean it’s automatically trustworthy. Scammers can also obtain SSL certificates, especially DV certificates, since those don’t require much verification. Some phishing sites use HTTPS to appear legitimate. That’s why browsers like Chrome and Firefox have started enforcing stricter checks on Certificate Authorities (CAs).
A few years ago, one of the major CAs was caught issuing thousands of certificates without proper verification, leading to some serious security concerns. Google and Mozilla responded by downgrading trust in that CA’s certificates. So, while HTTPS is crucial for encryption, it’s still important to verify who issued the certificate and whether the site is legitimate.
@tomas Another thing to watch out for is self-signed certificates. Sometimes, websites generate their own SSL certificates instead of getting one from a trusted CA. When you visit such sites, browsers usually warn you that the certificate is not trusted. This doesn’t always mean the site is malicious (it could be a private server or an internal company website), but for public websites, it’s a red flag.
To stay safe, I always check the certificate details by clicking on the padlock icon. If the certificate was issued by a well-known CA, it’s generally more reliable. But if it’s self-signed or from an unfamiliar CA, I’d be cautious.
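
The checks discussed in the replies above (who issued the certificate, whether it names an organization, whether it is self-signed), as an added Python example that is not part of any poster's reply. The function names and the sample certificates are constructed for illustration; the dictionaries follow the shape returned by `ssl.SSLSocket.getpeercert()`.

```python
import socket
import ssl

def _names(rdns):
    """Flatten getpeercert()'s nested name tuples into a plain dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def describe(cert):
    """Summarise a dict shaped like ssl.SSLSocket.getpeercert() output."""
    subject = _names(cert.get("subject", ()))
    issuer = _names(cert.get("issuer", ()))
    # Same subject and issuer name: the certificate vouches for itself.
    # This compares names only; it does not verify the signature.
    self_issued = bool(subject) and subject == issuer
    # DV certificates carry no organizationName in the subject; OV and EV do.
    org = subject.get("organizationName")
    if self_issued:
        level = "self-signed"
    elif org:
        level = "OV/EV (organization named)"
    else:
        level = "DV (domain only)"
    return {"level": level, "organization": org,
            "issuer": issuer.get("organizationName") or issuer.get("commonName")}

def check_host(host, port=443, timeout=5):
    """Connect using the system trust store, as a browser would."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return describe(tls.getpeercert())
    except ssl.SSLCertVerificationError as err:
        # Raised when verification fails: self-signed, unknown CA, wrong host.
        return {"level": "untrusted", "organization": None,
                "issuer": None, "reason": err.verify_message}

# Constructed sample certificates (not real sites or CAs).
_CA = ((("countryName", "US"),), (("organizationName", "Example Public CA"),),
       (("commonName", "Example CA R1"),))
DV_CERT = {"subject": ((("commonName", "shop.example"),),), "issuer": _CA}
OV_CERT = {"subject": ((("countryName", "US"),),
                       (("organizationName", "Example Corp"),),
                       (("commonName", "www.example.com"),)), "issuer": _CA}
_SELF = ((("commonName", "intranet.example"),),)
SELF_SIGNED = {"subject": _SELF, "issuer": _SELF}

if __name__ == "__main__":
    for name, cert in [("DV", DV_CERT), ("OV", OV_CERT), ("self", SELF_SIGNED)]:
        print(name, describe(cert))
```

`check_host("example.com")` runs the same summary against a live server and reports a verification failure instead of a summary when the certificate does not chain to a trusted CA.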