Identity Management / SSL Certificate Cannot Be Trusted
Infrastructure
Description
SSL Certificate Cannot Be Trusted is a vulnerability that occurs when an SSL/TLS certificate cannot be successfully verified and therefore is not trusted. This can happen for several reasons:
- The top of the certificate chain may not descend from a known public certificate authority.
- The certificate chain may contain a certificate that is not valid at the time of checking.
- The certificate chain may contain a signature that does not match the certificate or could not be verified.
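An added example (not from the original page) that reproduces each of the three causes with the openssl CLI, using a throwaway PKI in a temporary directory; the CA names, file names, the corrupted-signature copy and the two-day check time are all constructed for this demonstration.

```shell
#!/bin/sh
# Throwaway PKI built with the openssl CLI in a temporary directory: a root CA, an unrelated
# CA, a one-day leaf signed by the root, and a copy of that leaf with a corrupted signature.
set -e
work=$(mktemp -d)
cd "$work"
openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Example Root CA" -keyout ca.key -out ca.pem 2>/dev/null
openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Unrelated CA" -keyout other.key -out other.pem 2>/dev/null
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" -keyout leaf.key -out leaf.csr 2>/dev/null
openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 1 -out leaf.pem 2>/dev/null
openssl x509 -in leaf.pem -outform DER -out bad.der
# Overwrite the last two bytes of the DER encoding, which belong to the signature value.
printf '\377\377' | dd of=bad.der bs=1 seek="$(( $(wc -c < bad.der) - 2 ))" conv=notrunc 2>/dev/null
openssl x509 -inform DER -in bad.der -out bad.pem

# classify CERT CAFILE [EPOCH]: validate CERT against the trust store CAFILE as of EPOCH
# seconds (default: now) and map openssl's verification error onto the causes listed above.
classify() {
  at=${3:-$(date +%s)}
  if out=$(openssl verify -CAfile "$2" -attime "$at" "$1" 2>&1); then
    echo "trusted"
    return 0
  fi
  case "$out" in
    *"signature failure"*)             echo "signature does not match the certificate" ;;
    *"has expired"*|*"not yet valid"*) echo "not valid at time of check" ;;
    *"unable to get local issuer"*|*"self"*"signed certificate"*) echo "top of chain is not a trusted CA" ;;
    *)                                 echo "other: $out" ;;
  esac
}

later=$(( $(date +%s) + 172800 ))   # two days from now, past the leaf's one-day lifetime
classify leaf.pem ca.pem            # trusted
classify leaf.pem other.pem         # top of chain is not a trusted CA
classify leaf.pem ca.pem "$later"   # not valid at time of check
classify bad.pem ca.pem             # signature does not match the certificate
```

The same classify function can be pointed at a chain captured from a live server (for example, the certificates printed by `openssl s_client -showcerts`) to see which of the three causes a scanner is reporting.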
Risk
This vulnerability can indicate that man-in-the-middle attacks are possible: because the original certificate cannot be trusted, an attacker could equally present a certificate that cannot be trusted without the client noticing any difference. This could allow attackers to undermine the confidentiality and integrity of the communication.
Solution
The best way to remediate SSL Certificate Cannot Be Trusted is to ensure that every certificate in the chain can be properly validated and that the chain as a whole is valid: the chain must terminate in a known public certificate authority, every certificate in it must be within its validity period, and every signature must verify against the issuing certificate.