Maybe by looking at the signing authority? I’m not certain if that can be spoofed by malware or these other services. Would they show up as their own signing authority?
On Chrome it looks like you have top open the dev tools and see “Security.” I can see that BoingBoing cert is signed by GlobalSign, for instance.
I feel like it used to be easier, that I could see the certificate by clicking on the HTTPS lock on the browser bar. On Firefox, I can get there from the browser bar, though it’s two clicks:
In any case, you’d then have to recognize the various signing authorities (https://en.wikipedia.org/wiki/Certificate_authority#Providers) and know that it’s not one of those.
