Invalid Server Certificate
Plugin details
| Severity | Low |
|---|---|
| ID | 10014 |
| Category | Transport security |
| CVSS score | 3.7 |
| CVSS link | https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N |
Synopsis
The server certificate is invalid.
Description
The server uses certificate that fails validation. The certificate may have expired, been revoked, or is not trusted by the client.
Using an invalid server certificate prevents the client from verifying the server’s identity and the communication channel’s integrity and confidentiality.
Solution
Configure server with valid certificate. The certificate should be issued by a trusted Certificate Authority (CA) and should not be expired or revoked.