How to identify the certificate that is not correct?

Duchemin, Dominique 2,006 Reputation points
2022-04-02T01:59:47.897+00:00

Hello,

I have this report:

- Asset Names: Server_name
- Service Port: 3389
- Vulnerability ID: tls-untrusted-ca
- Vulnerability Risk Score: 697
- Vulnerability Title: Untrusted TLS/SSL server X.509 certificate
- Vulnerability Description: The server's TLS/SSL certificate is signed by a Certification Authority (CA) that is not well-known or trusted. This could happen if: the chain/intermediate certificate is missing, expired or has been revoked; the server hostname does not match that configured in the certificate; the time/date is incorrect; or a self-signed certificate is being used. The use of a self-signed certificate is not recommended since it could indicate that a TLS/SSL man-in-the-middle attack is taking place
- Vulnerability Solution: Obtain a new certificate from your CA and ensure the server configuration is correct. Ensure the common name (CN) reflects the name of the entity presenting the certificate (e.g., the hostname). If the certificate(s) or any of the chain certificate(s) have expired or been revoked, obtain a new certificate from your Certificate Authority (CA) by following their documentation. If a self-signed certificate is being used, consider obtaining a signed certificate from a CA.
- References:
  - Mozilla: Connection Untrusted Error (https://support.mozilla.org/en-US/kb/connection-untrusted-error-message)
  - SSLShopper: SSL Certificate Not Trusted Error (https://www.sslshopper.com/ssl-certificate-not-trusted-error.html)
  - Windows/IIS certificate chain config (https://support.microsoft.com/en-us/kb/954755)
  - Apache SSL config (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html)
  - Nginx SSL config (http://nginx.org/en/docs/http/configuring_https_servers.html)
  - CertificateChain.io (https://certificatechain.io/)
- Vulnerability Proof: TLS/SSL certificate signed by unknown, untrusted CA: CN=Servername -- [Path does not chain with any of the trust anchors].

FireEye HX,JAMF,STATS-Internal,Sophos,Windows Server

How do I identify the correct certificate creating this report?

Thanks,
Dom


1 answer

  1. Limitless Technology 39,926 Reputation points
    2022-04-07T07:49:20.317+00:00

    Hi @Duchemin, Dominique

    You can compare the certificate signature with the error report to find out the source of the certificate errors.

    To view certificates for the current user, open the command console, and then type certmgr.msc.

    The Certificate Manager tool for the current user appears. To view your certificates, under Certificates - Current User in the left pane, expand the directory for the type of certificate you want to view.

    You can take note of these certificates and then compare them with your error report to find the source.

    Hope this resolves your Query!!

    --
    --If the reply is helpful, please Upvote and Accept it as an answer–

    1 person found this answer helpful.
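
An added example, not part of the original thread: the finding in the report is on port 3389, and Windows records the certificate bound to the RDP listener by thumbprint in the `Win32_TSGeneralSetting` WMI class. The PowerShell below, run elevated on the scanned server, resolves that thumbprint in the Local Machine stores and builds its chain so the result can be compared with the `CN=` and "does not chain" proof in the report; the list of stores searched is an assumption.

```powershell
# Run in an elevated PowerShell session on the server named in the report.

# 1. Thumbprint of the certificate bound to the RDP listener (port 3389).
$rdp = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $rdp.SSLCertificateSHA1Hash

# 2. Locate that certificate in the machine stores. The store list is an
#    assumption: the auto-generated RDP certificate normally sits in
#    'Remote Desktop', a CA-issued one usually in 'My' (Personal).
$stores = 'Cert:\LocalMachine\Remote Desktop', 'Cert:\LocalMachine\My'
$cert = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
    Where-Object Thumbprint -eq $thumb |
    Select-Object -First 1
if (-not $cert) {
    throw "Thumbprint $thumb was not found in the searched stores."
}

# 3. Build the chain against this machine's trust anchors and collect
#    the reasons it fails, if it does.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$trusted = $chain.Build($cert)

# 4. Summarise the fields the scanner finding refers to.
[pscustomobject]@{
    Subject      = $cert.Subject
    Issuer       = $cert.Issuer
    DnsNames     = ($cert.DnsNameList.Unicode -join ', ')
    Thumbprint   = $cert.Thumbprint
    NotAfter     = $cert.NotAfter
    SelfSigned   = ($cert.Subject -eq $cert.Issuer)
    # 1 = default self-signed, 2 = set by Group Policy, 3 = custom
    HashType     = $rdp.SSLCertificateSHA1HashType
    ChainTrusted = $trusted
    ChainStatus  = ($chain.ChainStatus.Status -join ', ')
} | Format-List
```

The chain is evaluated against the server's own trust store, so a certificate from an internal CA can show `ChainTrusted : True` here and still be flagged by a scanner that does not trust that CA.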