Understanding Web Trust

It helps to understand how your web browser decides to trust or not trust a particular web site.

In a simplified format, the communication goes something like this:

And if you are not part of the trusted RootCA?

At which point you will see an error in your browser, for example, from Google Chrome:

[Image: Chrome Warn]

If you scroll down, there should be an advanced button you can click.

[Image: Chrome Warn]

This will open up the option to continue to the site even though the certificate is not trusted.

Some browsers will provide more details about the certificate you are being asked to trust. Safari on OSX will present a short warning:

[Image: OSX Warn]

With a button to show additional information about the connection. The additional details from Safari allow you to continue to the site, but also include an option to view the certificate in question:

[Image: OSX Warn]

For the Securing Labs private certificate, something similar will be shown:

[Image: OSX Warn]

If you scroll down, you can verify that the certificate only covers the Securing Labs domain that you are accessing.

[Image: OSX Warn]

This certificate is not an attempt to interfere with trusted domains; it is simply not known by the root certificates that support the web.

Being a development and test site, there are many uses for self-signed private certificates, and to utilize the services here, you will have to allow access to the site when presented with warnings.
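The check described above, that the certificate names only the domain you are visiting, can also be expressed in code. This is an added example, not part of the original page or of Securing Labs' own tooling; the domain `labs.example`, the function names and the sample name lists are all constructed for illustration.

```python
# Added example: confirm that a private certificate only names hosts under
# the domain you meant to visit. The domain and sample data are constructed.

def _normalize(name):
    """Lower-case a DNS name and drop surrounding spaces and a trailing dot."""
    return name.strip().lower().rstrip(".")


def names_outside_domain(san_dns_names, expected_domain):
    """Return the certificate names that fall outside expected_domain.

    An empty list means every name is the domain itself or a subdomain of it.
    A wildcard such as *.labs.example is judged by the part after "*.".
    """
    expected = _normalize(expected_domain)
    outside = []
    for raw in san_dns_names:
        name = _normalize(raw)
        base = name[2:] if name.startswith("*.") else name
        # Compare on label boundaries so "notlabs.example" is not mistaken
        # for a subdomain of "labs.example".
        if base != expected and not base.endswith("." + expected):
            outside.append(raw)
    return outside


def limited_to_domain(san_dns_names, expected_domain):
    """True only if the certificate lists names and all are in the domain."""
    names = list(san_dns_names)
    return bool(names) and not names_outside_domain(names, expected_domain)


# Constructed samples: DNS names as copied from a browser's certificate viewer.
LAB_CERT_NAMES = ["labs.example", "*.labs.example", "WWW.Labs.Example."]
ODD_CERT_NAMES = ["labs.example", "notlabs.example",
                  "labs.example.bank.test", "*.example"]

if __name__ == "__main__":
    for label, names in (("lab", LAB_CERT_NAMES), ("odd", ODD_CERT_NAMES)):
        print(label, limited_to_domain(names, "labs.example"),
              names_outside_domain(names, "labs.example"))
```

A certificate that lists any name outside the expected domain, or no names at all, should not be accepted on the strength of the reasoning on this page.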

[danger] Certificate Errors

Accepting a certificate from a Securing Labs domain does not mean you should always ignore certificate errors. If you were ever to see this error when browsing to your bank, or a work site, be warned that it is most likely a serious risk!

For the purposes of Securing Labs access, you are not exposing yourself or your system to the dangers the browser may warn you about; you are simply choosing to trust a known private site.

