Being able to identify that you are using a secure connection to the intended site is one of the most important things you need know to be safe on the internet. Because it is so important, all modern browsers have built-in warning mechanisms to warn you when you attempt to visit a website with an invalid security certificate. People often disregard these warnings more than they should.
First, it is important to ensure you are visiting the intended site. You should do this by verifying you are viewing the correct domain. For details on how to do this see my tutorial on how to identify root domain. [TODO: Link] It will not do you much good if the connection is secure but, in reality, you only have a secure connection to the misleading domain of a malicious hacker.
Second, ensure that the websites you visit are using SSL/HTTPS. Now not all sites support this or require it for all pages, but it is becoming more and more common for every page of every website to use a secure connection. The primary indicator is that you are using a secure connection, is the URL will start with https:// instead of just http://. Viewing a web page that is only HTTP is reluctantly okay, and should only be done when casually reading on the internet. However, if you are entering ANY personal information, then you ABSOLUTELY have to be using a secure connection. This type of personal information includes login information (username/email/password), shipping or billing address, credit card information, social security number, phone number, etc.
Ensuring you are using a secure connection, https instead of HTTP, does not mean the connection is secure. To validate it is actually secure you will need to identify the lock icon on the URL bar. It should be a closed lock with no red lines or X. If the lock is open, red in color or has a red line or X through it, then your connection is not actually secure; this would signify an invalid SSL certificate.
Now, most browsers display a full page warning before allowing you to proceed to a secure https connection that does not have a valid certificate. An invalid certificate means that the intended host (or website) may not have a secure direct connection with you and instead, despite being https, someone could still tamper or monitor the connection and data sent/received. You should treat invalid certificates as if it was an insecure, or a non-https connection and do not supply any personal information.
You can usually click on the secure or insecure lock, when you see it, to get additional information. You usually do not need to click on the secure icon and view the inner details, but if you want to dig a little deeper to ensure it is a secure connection, then you can.
It is important to note that anytime you are not using a secure connection, the data or website you are viewing could have been tampered with. Although rare for average people to be targeted using this type of tampering attack, the security community has seen this technique deployed by sophisticated criminal and state-sponsored syndicates. Additionally, any information you submit or send over an insecure connection, you should assume can be seen by anyone. If you were at an internet cafe, for example, someone could easily watch everything you read and send over the insecure connection.
It is also important to mention, despite being on a secure connection, does not mean what you are doing is anonymous. Everyone, including your ISP, Internet Service Provider, to hackers, government or other sources listening/watching can see the website and URL you requested. They can see where you went and when you went there. The secure connection merely prevents them from viewing the particular contents of that transmission.
Here are some example images of secure https connections with valid SSL certificates on different browsers: