Web Browsers Treat SSL Certificates Differently
Web browsers treat SSL Certificates differently, and this causes problems. Because browsers support different formats and check SSL Certificates in different ways, not all SSL Certificates are verified properly. As a result, a website whose SSL Certificate has already been revoked may still appear protected even though the certificate is no longer valid.
Effects of Different Treatment of Browsers to SSL Certificates
Because web browsers are trying to compete with one another, they operate in different ways. This may seem good because you can choose a browser based on how it operates, but it is not good for SSL Certificates. It can cause confusion, which might render SSL Certificates useless in the eyes of Internet users, regardless of how useful they are.
- Different Validation Process
There are two ways to determine whether an SSL Certificate has been revoked. Browsers can either use OCSP (Online Certificate Status Protocol) to check whether the certificate is still valid, or they can check the CRL (Certificate Revocation List) to see whether the certificate appears on that list.
By checking the certificate through OCSP, the status of the certificate can be determined in real time, which is advantageous because the browser learns whether the certificate is truly revoked or not. Checking the certificate through a CRL is less helpful because the cached file might still show up, which can give false results. It may look like a small matter, but for Internet users who need the utmost protection, this is a big issue.
Web browsers treat SSL Certificates differently, which can make a revoked certificate look valid and can lead to problems with a website’s security.
- Some Browsers Perform Better than Others
Some browsers perform better than others when it comes to verifying the authenticity and revocation of SSL Certificates. While Google Chrome and Firefox are very popular, Internet Explorer and Opera are considered to be some of the best browsers for verifying certificates.
Firefox does not download CRLs automatically and instead checks OCSP to see the real-time status of the certificate. This may sound good, since real-time results are better than lists, but some certificates issued by Network Associates do not provide OCSP server URLs. For those, CRL is the only option to verify the authenticity of the certificates, which is not possible in Firefox if the certificate is not EV.
Google Chrome and Safari, on the other hand, don’t check the entire certificate chain and check only the server’s certificate, which can result in problems, especially when the certificate chain is not valid.
Because browsers take different approaches to verifying SSL Certificates, data and connection encryption may seem futile. This makes certificates ineffective and seemingly unnecessary, which would make the Internet a very scary place to do transactions. Browsers should make the necessary changes to verify SSL Certificates efficiently before Internet users lose trust in the protection that these certificates can provide.
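The CRL path described above (a certificate that carries a CRL URL but no OCSP URL, and a cached list that can give false results) can be reproduced offline. This is an added example, not code from the original article: `RevokedByCRL` and `Fixture` are hypothetical names, the CA, leaf and URL are constructed test data, and it goes slightly beyond the text by also rejecting a CRL that is past its `nextUpdate` or not signed by the issuer.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// RevokedByCRL (hypothetical helper) reports whether cert's serial is on a CRL that issuer signed.
func RevokedByCRL(crlDER []byte, issuer, cert *x509.Certificate, now time.Time) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil || crl.CheckSignatureFrom(issuer) != nil || now.After(crl.NextUpdate) {
		// A stale cached list can miss a later revocation, so this is an error, not "not revoked".
		return false, fmt.Errorf("CRL unusable: unparsable, not signed by issuer, or past nextUpdate")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

// Fixture builds constructed data: a CA, a leaf with a CRL URL but no OCSP URL, and a CRL revoking the leaf.
func Fixture(now time.Time) (ca, leaf *x509.Certificate, crlDER []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // fixture only: errors ignored for fixed inputs
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, _ := x509.CreateCertificate(rand.Reader, caT, caT, pub, key)
	ca, _ = x509.ParseCertificate(der)
	leafT := &x509.Certificate{SerialNumber: big.NewInt(42), Subject: pkix.Name{CommonName: "leaf.example"},
		NotBefore: caT.NotBefore, NotAfter: caT.NotAfter, CRLDistributionPoints: []string{"http://crl.example/ca.crl"}}
	der, _ = x509.CreateCertificate(rand.Reader, leafT, ca, pub, key)
	leaf, _ = x509.ParseCertificate(der)
	entry := pkix.RevokedCertificate{SerialNumber: leaf.SerialNumber, RevocationTime: now}
	crlDER, _ = x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: now, NextUpdate: now.Add(time.Hour), RevokedCertificates: []pkix.RevokedCertificate{entry}}, ca, key)
	return ca, leaf, crlDER
}

func main() {
	ca, leaf, crl := Fixture(time.Now())
	fmt.Println(len(leaf.OCSPServer), leaf.CRLDistributionPoints) // no OCSP URL, one CRL URL
	fmt.Println(RevokedByCRL(crl, ca, leaf, time.Now()))
}
```

A client that only speaks OCSP has nothing to query for this leaf, while the same CRL evaluated two hours later is refused rather than trusted.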