Aus Siwecos
Wechseln zu: Navigation, Suche

Verification of certificate transmission

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive Server sends a certificate
Result negativ Server does not send a certificate
Description The server has not sent a certificate. This is unusual and should not occur. The server should check its TLS configuration and, if necessary, disable anonymous cipher suites.
Background It is theoretically possible to configure a TLS server so that it will not send a certificate to identify itself and only encrypt without signing its public key. A client that wants to connect to the server cannot check whether it is really communicating with the server it expects. This type of configuration is very rare.
Consequence Without a certificate for your website, attackers can listen in on your communication. Criminals could intercept your customers' personal data, such as passwords or credit card information. There is also the risk that criminals may install viruses or a trojan on your website. In such a case, you may even be liable for damages suffered by your visitors. Criminals could also create seemingly "legitimate" duplicates of your website. With theses faked phishing sites, personal data such as passwords or credit card information can be intercepted while the customer believes that he or she is visiting a legitimate company website.
Solution/Tips If Server does not send a certificate was reported, urgently update your TLS implementation. Current software no longer allows this type of configuration.