Why are Secure Site Certificate Warnings Important?

by Andrew Barber 6. September 2011 08:34

You may have visited a website, and seen a warning similar to the one to the right (click here for the Firefox version). What does it mean? Why is it important? Is it important?

First; yes, it is important. And it may mean you should avoid the site altogether. This article is intended to help by explaining some of the reasons you might get this warning.

What is a Website Security Certificate?

To put it simply, a website security certificate is a form of identification. Your computer and web browser come pre-configured to be able to recognize certain types and sources of these certificates, just like a bouncer at a nightclub is trained to recognize certain picture identification (and to reject others). Just like your picture ID, a website's security certificate contains certain personally-identifiable information, has an expiration date, and clearly denotes who issued the certificate. If there are any problems with any of this information, you will get a warning similar to the one shown.

Your web browser comes preconfigured with a list of trusted online sources of certificates; these will be the big names, many of which may be familiar to you (Thawte, VeriSign, GoDaddy), and some which may be known only to those familiar with the industry. Either way, the makers of your web browser or operating system have decided that you should be able to trust those issuers. When a website presents a certificate for itself, your computer verifies that the certificate really was issued by the issuer it names, provided that issuer is a trusted one.

What is Verified?

If the certificate is issued by a source your browser is not set to 'trust', you will get a warning. Next, your browser verifies that the certificate presented by the website is a valid one: that it indeed was issued, and that it has not since been revoked. This is akin to a police officer calling in (or logging on) to verify that your driver's license is still valid. Also, your browser verifies that the website you are visiting is actually the website that was issued that particular certificate, similar to someone looking closely at the photo on your ID to verify that you have the correct ID; this is done by comparing the host name in the URL you are visiting with the name(s) written into the certificate. A certificate for www.SecureWebsite.com will not work for www.OtherSecureWebsite.com, for example. Finally, the expiration date of the certificate is checked.

If any of these checks fail, you get a warning like the above. This is to alert you that something is wrong.

Why is This Important?

Usually, a website has a secure certificate for purposes of encrypting data being sent between the website and its users. That implies that the data being transferred is confidential. Because of this fact, you should want to know that the website to which you are submitting the information really is the website you think it is, being run by the people you think it is. If you are submitting your credit card information to www.Amazon.com, you don't want to actually be sending it to www.HackersRus.com, instead. This is why it's important to check your browser's address bar to be sure you are at the website you think you are visiting. If it really says www.Amazon.com, and you saw no warnings about the certificate, you can be fairly sure you are submitting your information to the people you intend.

If you visit a well-known secure site, and you see a warning like this, you should be a bit concerned about it. It could mean something has happened to the website in question, and it is being run by someone other than who it is supposed to. Various 'hacks' could cause you to be visiting the incorrect website, even if the address bar looks right. Such hacks will usually cause you to get a certificate warning. If you are in doubt, you should refrain from even attempting to log in to the site or visiting it. Ask a tech-savvy user you know to verify for you if something is wrong with the site in question.

Causes Other Than Hacking

These warnings can occur for reasons other than hacking, though. Sometimes, for example, someone simply forgets to renew their certificate before it expires. This has happened to some moderately prominent websites, although it's certainly not a good thing to allow to happen. You should still exercise caution. Another reason is a misconfiguration; I mentioned that a certificate for one site won't work for another site. Sometimes a web master will accidentally install a certificate on the wrong site, or configure the site with an incorrect name, which causes the error. Again, caution should still be exercised.

Finally, sometimes a certificate is issued by an 'authority' that your computer is not configured to recognize. This should never be the case with a 'big name' website, but it is common for a private website with a very limited number of users. For instance, the secure login to manage your own website might be protected with a self-issued (self-signed) certificate. In such a case, someone should warn you ahead of time that you will get the warning, and why you are getting it. You can then choose to accept the issuer permanently, so you don't get that warning every time you visit the site.
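As an added example (not code from the original post), the following Python sketch models the four checks described under "What is Verified?" and runs them against constructed certificates that reproduce the benign causes listed under "Causes Other Than Hacking": an expired certificate, a certificate installed on the wrong site, and a self-issued certificate. The `Certificate` class, the trust list, the revocation list, and every host name, serial number and date are assumptions made for this illustration; a real browser performs the same checks on X.509 fields and signature chains rather than on plain strings. The name check also handles a leading `*` wildcard (one label only), which goes slightly beyond the post's www.SecureWebsite.com example.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timezone

# Every value below is constructed for this illustration; none comes from a real site.


@dataclass(frozen=True)
class Certificate:
    """Simplified view of the fields a browser inspects in a site certificate."""
    names: tuple          # host names the certificate was issued for (CN and SANs)
    issuer: str           # who issued (signed) it
    serial: str           # identifier the issuer can later revoke
    not_before: datetime  # start of validity
    not_after: datetime   # expiration date


# Hypothetical trust list, standing in for the issuers preconfigured in a browser
TRUSTED_ISSUERS = frozenset({"Example Root CA"})
# Hypothetical revocation list published by that issuer (serials withdrawn early);
# a real list is kept per issuer, which this sketch does not bother to model
REVOKED_SERIALS = frozenset({"0x2a"})


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name with the host from the address bar.

    Comparison is case-insensitive; a leading '*' matches exactly one label,
    so '*.example.com' covers 'www.example.com' but not 'example.com'.
    """
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        host_labels = hostname.split(".")
        return len(host_labels) >= 3 and ".".join(host_labels[1:]) == pattern[2:]
    return pattern == hostname


def check_certificate(cert, hostname, now, trusted=TRUSTED_ISSUERS, revoked=REVOKED_SERIALS):
    """Return the problems a browser would warn about; an empty list means no warning."""
    problems = []
    if cert.issuer not in trusted:            # issuer the browser is not set to trust
        problems.append("issuer not trusted")
    if cert.serial in revoked:                # issued, but since withdrawn by the issuer
        problems.append("certificate revoked")
    if not any(hostname_matches(n, hostname) for n in cert.names):
        problems.append("name mismatch")      # certificate belongs to a different site
    if now < cert.not_before:
        problems.append("not yet valid")
    elif now > cert.not_after:
        problems.append("expired")            # nobody renewed it in time
    return problems


# "Today" for the examples: the date of the post
NOW = datetime(2011, 9, 6, tzinfo=timezone.utc)

GOOD = Certificate(("www.securewebsite.com",), "Example Root CA", "0x01",
                   datetime(2011, 1, 1, tzinfo=timezone.utc),
                   datetime(2012, 1, 1, tzinfo=timezone.utc))
EXPIRED = replace(GOOD, serial="0x02", not_after=datetime(2011, 8, 31, tzinfo=timezone.utc))
NOT_YET = replace(GOOD, serial="0x03", not_before=datetime(2011, 10, 1, tzinfo=timezone.utc))
REVOKED = replace(GOOD, serial="0x2a")
# Self-issued: the site signed its own certificate, so issuer equals the site name
SELF_ISSUED = Certificate(("admin.mysite.example",), "admin.mysite.example", "0x01",
                          GOOD.not_before, GOOD.not_after)


def run_examples():
    """Check each constructed certificate against the site it is presented for."""
    cases = {
        "valid": (GOOD, "www.securewebsite.com"),
        "wrong site": (GOOD, "www.othersecurewebsite.com"),   # cert installed on the wrong site
        "expired": (EXPIRED, "www.securewebsite.com"),
        "not yet valid": (NOT_YET, "www.securewebsite.com"),
        "revoked": (REVOKED, "www.securewebsite.com"),
        "self-issued": (SELF_ISSUED, "admin.mysite.example"),
    }
    return {name: check_certificate(cert, host, NOW) for name, (cert, host) in cases.items()}


if __name__ == "__main__":
    for name, problems in run_examples().items():
        print(f"{name:14} -> {'no warning' if not problems else ', '.join(problems)}")
```

Only the "valid" case passes cleanly; each of the others produces exactly the warning the post attributes to that cause, which is why a browser cannot tell from the warning alone whether a site is under attack or merely misconfigured.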

Conclusion

Unfortunately, these certificate warnings are often simply ignored, which can be dangerous. Because there is sometimes a good (though not well-explained) reason for them, and because even big-name websites sometimes have temporary errors, many people have become accustomed to just clicking past the 'error' and visiting the website anyway. I recommend caution here, especially for sites where you log in or submit your personal information.

Tags: General

Comments

October 11. 2011 20:33
I actually got certificate warnings from one of Google's sites a few weeks back. Can't remember which one though.

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent those of my partners, clients or contractors in any way.

© Copyright 2013 AndrewBarber.com