Helping people with computers... one answer at a time.
A slash through the padlock, the https, or the https appearing in red all mean one thing: something's wrong. Exactly what's wrong can vary.
Sometimes when I'm on a secure website (https in the URL), I notice that the https has a slash through it, seemingly meaning the site is NOT secure. Is this true? And if so, why is it happening?
Https, for secure http, is used instead of http to do two things: confirm the identity of the site you're connecting to and keep your communications with that site secure by encrypting it all.
If something is wrong, the browser will often display a warning, but in some cases, it will do nothing more than turn the https indicator red or put a line through it.
Unfortunately, "something is wrong" can mean many things, ranging from a serious security issue to a benign oversight by the website's owner.
In most cases when you first connect to a website that has an https problem, your browser should warn you. In the case above, there are two problems that Internet Explorer is telling me about the site I'm visiting:
The security certificate presented by this website was not issued by a trusted certificate authority. Https uses trusted authorities validated by the so-called "root certificates" to issue encrypted credentials (a certificate) to websites to validate their identity. In this case, while a certificate is in place, it has not been issued by a trusted authority and thus, it could have been created by anyone.
Bottom line: This site may say it is the site you're going to, but it's very possible that it's lying.
The security certificate presented by this website was issued for a different website's address. The certificate also includes the name of the site you're going to. For example, if you're attempting to visit https://paypal.com, the certificate there will confirm that it is, indeed, the real paypal.com.
This error indicates that the certificate does not match the domain. Once again, you may not be visiting the actual site you think you are.
IE's error message sums it up nicely:
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
Continuing through to the site regardless of the warning, IE's address bar continues to indicate that there's a problem:
The address bar is given a red background and the red security icon is present.
Similarly Google Chrome turns the https red and draws a line through it:
Clicking on the broken padlock in Chrome displays information about the secure connection and its problems:
Clicking on IE's red security shield in the address bar or the highlighted domain name in FireFox's address bar will also display additional information.
Unless you know for a fact that the error is benign, cancel the operation and do not visit the site, especially if it's your bank or other financial institution or a site that deals with your personal and private information.
It could be a trap.
Contact the institution some other way to clarify the error and make sure that your system is free of malware and otherwise secure.
I do want to be clear: unless you're a system administrator of some sort, you should never see a certificate error. That's why I said above that if you're the least bit unsure, stop.
The most common cause for certificate errors is actually benign.
Certificates expire, and sometimes, the websites forget to update their certificates in time.
I know, because I've done it ... or rather, forgotten to do it.
Thus, if you can examine the message associated with a certificate error, and you can determine that the only problem is that the certificate has expired, and expired recently (typically, these cases are fixed within 24 hours), then it may be OK to proceed.
On the other hand, it's also safe to simply wait a day.