Verification of certificate transmission
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
|Result positive||Server send a certificate|
|Result negativ||Server does not send a certificate|
|Description||The server has not sent any certificate. This is unusual and should not happen. The server should check its TLS configuration and disable anonymous cipher suites if necessary.|
|Background||It is theoretically possible to configure a TLS server so that it does not send any certificate to identify itself and only encrypts it without signing its Public Key. A client who wants to connect to the server cannot check if he is really talking to the server he expects. This type of configuration is extremely rare.|
|Consequence||Without certificate attackers can spy on your communication. Criminals could anonymously access your customers' personal data such as passwords.|
|Solution/Tips||If Server does not send certificate was reported, update the TLS implementation you used urgently. Modern software no longer allows this type of configuration.|