Verification of certificate transmission
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
|Result positive||Server sends a certificate|
|Result negativ||Server does not send a certificate|
|Description||The server has not sent a certificate. This is unusual and should not occur. The server should check its TLS configuration and, if necessary, disable anonymous cipher suites.|
|Background||It is theoretically possible to configure a TLS server so that it will not send a certificate to identify itself and only encrypt without signing its public key. A client that wants to connect to the server cannot check whether it is really communicating with the server it expects. This type of configuration is very rare.|
|Consequence||Without a certificate for your website, attackers can listen in on your communication. Criminals could intercept your customers' personal data, such as passwords or credit card information. There is also the risk that criminals may install viruses or a trojan on your website. In such a case, you may even be liable for damages suffered by your visitors. Criminals could also create seemingly "legitimate" duplicates of your website. With theses faked phishing sites, personal data such as passwords or credit card information can be intercepted while the customer believes that he or she is visiting a legitimate company website.|
|Solution/Tips||If Server does not send a certificate was reported, urgently update your TLS implementation. Current software no longer allows this type of configuration.|