Vulnerabilities / Untrusted TLS certificate
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
↓
Severity
Medium
CWE Name
Untrusted TLS certificate
CWE ID
CWE-16
CVSS Score
5.8
Compliance
OWASP TOP10 -> A2
PCI-DSS -> 4.1, 6.5.4
ISO27001 -> A.5.14, A.8.9, A.8.24
PCI-DSS -> 4.1, 6.5.4
ISO27001 -> A.5.14, A.8.9, A.8.24
The certificate sent by the server is not trusted.
This may be due to one of the following reasons:
- The requested hostname does not match the CN or SAN attribute of the TLS Certificate;
- The issuer of this certificate is not trusted. This can happen if the certificate is self-signed, or the certificate issuer is not a recognized Certificate Authority;
- The server did not send the complete certificate chain. This usually means that the server did not send a required intermediate CA certificate.
If this problem is intermittent, it might be because your site is behind a load balancer, and one of the servers is misconfigured or is sending an incorrect certificate.
How to fix
-
To fix this issue, you should address all of the issues identified below.
