Only Three Per Cent of SSL Certificates Are Valid

New research conducted by security firm Qualys has revealed that only 3.17 per cent of secure web sites have valid Secure Socket Layer (SSL) certificates.

The company said that it had scanned 119 million domain names, of which only 92 million were active. More than 12.4 million domains had resolving issues, and 14.6 million failed to respond.

Of the 92 million active domains, 34 million domains used both port 80 (typically used for HTTP), and port 443, which is used for web sites with the prefix 'https://' - those secured using SSL.

Ivan Ristic, director of engineering at Qualys, said that by taking a closer look at those sites that used port 443, the firm discovered that only 23 million were actually using SSL.

Less than a million - 3.17 per cent - of these SSL sites generated certificates that were valid and which matched their domain names.

Ristic said: “For us, the question is: How exactly is SSL used on the Internet as a whole? Interestingly enough, as popular as SSL is, no one had made public the information about how it is used.”