Explanations

A secure website (HTTPS) justifies its identity with your browser by sending a certificate validated by a recognized certification authority. Interception techniques, to be able to work, dynamically forge false certificates (a bit like a fake identity card).
The method we propose to you, verifies that the certificate you receive is the one issued by the server. The operation is as follows (see diagram below):

addon

* this server is by default « checkmyhttps.net ». You can install your own server (see documentation on CheckMyHTTPS GitHub).

We have developed several clients that use this method (web browser extensions, mobile applications, test web pages). These clients interact with the verification server via an API (Application Program Interface) as follows :

addon