Today, security is a central theme in any operation we carry out. Since most of these operations are carried out online, knowing how to protect yourself in this area has become fundamental.
Among the many precautions, there is one that is both essential and simple to observe: verify that the sites we visit use HTTPS.
The Era of Insecure Web (HTTP)
Until a few years ago, most websites used the HTTP protocol (HyperText Transfer Protocol). This protocol is simple and fast, but it has a serious flaw: data travels unencrypted. Anyone in the middle of the communication (a hacker, a shady provider, or even a public Wi-Fi network) can intercept and read all traffic.
Real Risks: Sniffing, Man-in-the-Middle, Data Theft
When you browse an HTTP site and enter a password, a credit card number, or even just your name, this information can be intercepted without much technical effort. This clearly showed the need to secure web communications.
The Answer: HTTPS
HTTPS (HTTP Secure) is the result of combining HTTP with a layer of TLS encryption (formerly SSL). The purpose of HTTPS is to:
- Encrypt communications
- Ensure data integrity (no changes in transit)
- Verify the identity of the site you are connecting to
But who guarantees the site is really who it claims to be?
The Role of Digital Certificates
To establish a secure HTTPS connection, a website must have a digital certificate, issued by a Certification Authority (CA), a trusted entity.
What Is a Digital Certificate?
It’s an electronic file that includes:
- The domain name (e.g. www.example.com)
- The site’s public key
- Information about the issuing Certification Authority
- The CA’s digital signature
- An expiration date
Types of HTTPS Certificates: DV, OV, EV
There are three main types of HTTPS certificates, which differ in the level of validation performed on the site owner.
1. ✅ DV - Domain Validation
- What does it verify? Only domain ownership.
- How is it obtained? Automatically, via email or DNS check.
- Examples: Let’s Encrypt, ZeroSSL.
- Pros: Fast, free.
- Cons: Doesn’t verify who is behind the site. A phishing site can have a DV certificate.
Common use: personal blogs, small projects, development environments.
2. OV - Organization Validation
- What does it verify? Domain ownership and organizational information (company name, address).
- How is it obtained? Requires submitting business documentation and manual validation.
- Pros: More trustworthy.
- Cons: More expensive, takes longer.
Common use: business websites, B2B portals, client management platforms.
3. EV - Extended Validation
- What does it verify? Everything required for OV, plus an in-depth legal and organizational vetting.
- How is it obtained? Very strict validation process by the CA.
- Pros: Maximum level of trust.
- Cons: Expensive, time-consuming to issue.
In the past, browsers used to show the legal company name next to the URL for EV certificates (e.g. "BANK OF AMERICA CORPORATION").
Common use: banks, insurance companies, large e-commerce platforms.
How Does an HTTPS Certificate Start?
- Everything starts with a DV: It’s the minimal requirement to enable HTTPS. It’s the starting point.
- Natural evolution:
  - A site can start with a DV and later, for branding or security reasons, upgrade to OV or EV.
  - This upgrade involves requesting a new certificate and installing it on the server.
How to Know What Type of HTTPS Certificate a Site Uses
The padlock alone doesn’t tell you whether a certificate is DV, OV, or EV. Modern browsers show very limited visual clues, but there are still ways to check the certificate type.
Method 1: Using the Browser
Google Chrome / Microsoft Edge / Brave
- Click the padlock icon in the address bar (left of the URL).
- Select "Connection is secure" or similar.
- Click "Certificate is valid" (or "Details").
- A window opens with certificate information.
In the "Subject" or "Issued to" field:
- If you see only the domain name, it’s most likely a DV.
- If you also see company name and address, it’s an OV.
- If you see jurisdiction and registration number, it’s an EV.
Firefox
- Click the padlock → "Secure connection".
- Then "More Information" → "View Certificate".
- The subject field will show if it’s DV, OV, or EV.
Method 2: Use Online Tools
You can use free tools to analyze a website’s SSL certificate:
- SSL Labs – SSL Test
- Censys.io
- crt.sh – to search public certificates
These tools will explicitly show the certificate type and provide full technical details.
Tip for Curious Users
In the Organizational Unit or Subject fields of the certificate you’ll often find direct clues:
- If empty: DV
- If it shows a company name: OV
- If it includes legal jurisdiction and full company data: EV
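The subject-field rule from Method 1 and from the tip above, written as an added Python example (not part of the original article). The sample subjects are constructed, the function names are illustrative, and the attribute names follow what Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import socket
import ssl


def flatten_subject(subject):
    """Turn getpeercert()'s nested RDN tuples into a flat dict."""
    flat = {}
    for rdn in subject:
        for name, value in rdn:
            flat.setdefault(name, value)
    return flat


def classify_subject(subject):
    """Apply the article's rule: domain only -> DV, company name -> OV,
    jurisdiction plus registration number -> EV."""
    fields = flatten_subject(subject)
    if not fields.get("organizationName"):
        return "DV"
    if "jurisdictionCountryName" in fields and "serialNumber" in fields:
        return "EV"
    return "OV"


def fetch_subject(host, port=443, timeout=5.0):
    """Connect with chain and hostname verification; return the leaf subject."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["subject"]


# Constructed sample subjects in getpeercert() format (not real certificates).
SAMPLE_DV = ((("commonName", "blog.example.com"),),)
SAMPLE_OV = (
    (("countryName", "US"),),
    (("stateOrProvinceName", "California"),),
    (("organizationName", "Example Corp"),),
    (("commonName", "www.example.com"),),
)
SAMPLE_EV = (
    (("jurisdictionCountryName", "US"),),
    (("businessCategory", "Private Organization"),),
    (("serialNumber", "0000000"),),
    (("countryName", "US"),),
    (("organizationName", "Example Bank Corporation"),),
    (("commonName", "www.example-bank.example"),),
)

if __name__ == "__main__":
    for label, subj in (("DV", SAMPLE_DV), ("OV", SAMPLE_OV), ("EV", SAMPLE_EV)):
        print(label, "->", classify_subject(subj))
```

Passing the result of `fetch_subject("www.example.com")` to `classify_subject` applies the same check to a live site. It reads only what the certificate's subject displays, just like the manual browser inspection.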
Final Thoughts
Not all HTTPS certificates are the same. The padlock is just the first step: knowing what type of certificate was issued tells you how deeply the site’s identity has been verified. This is crucial when trying to tell the difference between a personal blog and an online banking site.
What you need to keep in mind is to always check whether a site uses HTTPS.
Make sure at least one of these two things is true:
- the address of the site you are visiting has https:// at the beginning of the URL (e.g. https://agencysite.com)
- the address bar shows the padlock icon, or clicking the icon next to the URL shows "Secure connection"