Certificate Signatures and Secure HTTP
by Jeff Hunter
You can connect to this web site securely using https. If you're connecting from work, a public terminal, or through an insecure network, using https will ensure that the pages you view and the messages you type on this site cannot be intercepted by any government, employer, or other snoop. All data passing between your browser and the totse.com web server will be encrypted using the latest encryption technology.
You can connect to this web site securely using https at the following URL:
https://www.totse.com/
Basically, if you change the URL for any page from "http" to "https" you'll be viewing that page securely. Once you start viewing pages securely, you'll continue to view additional pages securely when following the links on this site.
Rather than shell out a few hundred bucks per year for a certificate signed by Verisign or Thawte, totse.com uses a self-signed certificate. This means that the certificate authority IS totse.com, and since totse.com is not going to show up as a registered certificate authority already built into your browser, you'll get a warning message that your browser does not recognize the certificate authority "www.totse.com".
Go ahead and accept the certificate that is presented. If you're really paranoid, you can check the SHA1 and MD5 fingerprints of the certificate as shown in your browser. It should read as follows:
SHA1 Fingerprint=30:B5:FF:FF:36:EC:31:F8:AB:9F:0B:12:C4:61:76:7A:14:6C:EF:73
MD5 Fingerprint=89:64:5E:7D:E8:9A:DA:7E:1D:CD:3C:B3:21:2A:9C:03
Those are the fingerprints for this site's certificate. If those match what you're seeing, the certificate really is from totse.com.
|