SSL – Is SSL data still encrypted if there is a certificate error

ssl, ssl-certificate

If there is a certificate error on a website (such as the domain not matching what is stated in the cert) and I continue to view the site anyway, is data over the HTTPS connection still encrypted?

My understanding is that the SSL certificate simply validates the identity of the site owner so that you (the customer) can be confident you are sending data to a legit company.

Is that the only role that the certificate provides or does it also play a role in the encryption process such that an error like the one above would cause the encryption to be skipped?

Best Answer

The data is still encrypted. However, the endpoint has not been verified. So, the data is "secure" in that it's encrypted over the wire. However, you might be sending it to the wrong person if the certificate doesn't match up properly...
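The separation described in the answer can be seen in Python's `ssl` module. This is an added example, not part of the original answer: the function names, the simplified name-matching rules and `SAMPLE_CERT` are constructed for illustration.

```python
import ssl

def make_context(ignore_cert_errors: bool) -> ssl.SSLContext:
    """Strict client context, or one that mimics clicking through the warning."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED plus hostname checking
    if ignore_cert_errors:
        ctx.check_hostname = False       # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE  # peer identity is no longer checked
    return ctx

def cipher_names(ctx: ssl.SSLContext) -> list:
    """Cipher suites the context offers; verification settings do not alter them."""
    return [c["name"] for c in ctx.get_ciphers()]

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Simplified RFC 6125-style match: '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                     # a wildcard covers exactly one label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers_host(cert: dict, hostname: str) -> bool:
    """cert uses the dict layout returned by ssl.SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(dns_name_matches(s, hostname) for s in sans)

# Constructed sample certificate (not taken from a real site)
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "subjectAltName": (("DNS", "shop.example.com"),
                       ("DNS", "*.cdn.example.com")),
}

if __name__ == "__main__":
    strict, lax = make_context(False), make_context(True)
    print("same ciphers offered:", cipher_names(strict) == cipher_names(lax))
    for host in ("shop.example.com", "shop.example.net", "a.cdn.example.com"):
        print(host, "covered by cert:", cert_covers_host(SAMPLE_CERT, host))
```

Both contexts offer the same cipher suites, so traffic is encrypted either way; only the strict one refuses a peer whose certificate does not cover the requested hostname.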