End User Facing Validation

I’ve looked around and can’t seem to find this, so maybe it doesn’t exist, but I’m looking for a link to some type of website that would validate a certificate is valid to a regular end user (non-technical). I want to link to this from the Let’s Encrypt logo on my website.
Something like: https://secure.comodo.com/ttb_searcher/trustlogo?v_querytype=W&v_shortname=SC5&v_search=www.instantssl.com&x=6&y=5

Any suggestions?

A mechanism like this does not exist. The specific example you mention - using the Let’s Encrypt logo this way - is not permitted by the trademark policy either.

For some of the reasoning as to why Let’s Encrypt offers no “badge” or “site seal” (which is similar to what you’re describing), see this post.

1 Like

It might contain more information than you want but you can point people to the equivalent of

https://www.ssllabs.com/ssltest/analyze.html?d=www.google.com&s=172.217.6.36&hideResults=on

for your site, which is an independent party that will confirm that the certificate is valid.

The feeling that you have to do this is not a good sign for user security or computer literacy because people’s own browsers are already validating certificates and already have a built-in feature to show the certificate and its validity. They don’t, in fact, need a third party to confirm this when their existing software that they’re using can already do this task. The PKI generally regards certificate validity checking as the responsibility of the user-agent; hopefully users can believe that the decisions made by their user-agents are correct!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.