Verification of certificate transmission
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
|Result positive||Server sends a certificate|
|Result negativ||Server does not send a certificate|
|Description||The server has not sent a certificate. This is unusual and should not occur. The server should check its TLS configuration and, if necessary, disable anonymous cipher suites.|
|Background||It is theoretically possible to configure a TLS server so that it will not send a certificate to identify itself and only encrypt without signing its public key. A client that wants to connect to the server cannot check whether it is really communicating with the server it expects. This type of configuration is very rare.|
|Consequence||Without a certificate for your website, attackers can listen in on your communication. Criminals could intercept your customers' personal data, such as passwords or credit card information.|
|Solution/Tips||If Server does not send a certificate was reported, urgently update your TLS implementation. Current software no longer allows this type of configuration.|