Of the 1963512 sites able to respond to our requests, only 532674 appeared to have valid third party certificates correctly matching the hostname, such that the latest version of Microsoft's Internet Explorer would not issue a warning message upon connecting to the site.
There are many reasons for the large number of sites with valid certificates but mismatched names:
The large number of self-signed and unknown issuer certificates includes both "real" self signed certificates (where a company or organisation has really created their own self-signed certificate), and default certificates such as that provided with Apache/mod-ssl, and test certificates from real certificate issuers (but which provide no assurance, so are not counted as valid).
55751 sites were using certificates which had already expired at the time of the survey. This low number indicates that sites are retaining confidence and commitment in using ssl-encryption.
Some certificates had issuers listed that were not known to us as certificate authorities. The most plausible explanation for this is that these certificates were actually self-signed, but not in a way that we were able determine automatically. However, new certificate issuers would also be treated in the same way. Netcraft review all unrecognised issuers with large numbers of certificates each month, and ensure that any new issuers are identified and included where appropriate.
Copyright © Netcraft 1996-2006