Rule from ssl under security category
Clients that allow connections over HTTPS include a list of root certificates against which a server's certificate is checked for validity; see the root certificates included by Mozilla for an example.
These lists often do not include the intermediate certificate and can vary depending on provider/browser and device. It is advised to build a full chain all the way up to the root, but excluding the root itself. This allows all devices, even those that do not have the intermediate certificate, to view the site as verified over HTTPS.
The certificate chain returned by the server was not in the correct order. The chain can be checked by walking it from one certificate to the next, and the chain provided presented certificates that were not expected at the position where they were supplied.
Verify that every certificate supplied in the chain is part of the expected list and in the correct format: the server certificate and all the intermediates, with nothing else present.
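One way to run this check, as an added example that is not Passmarked's own code: the script parses the "Certificate chain" section printed by `openssl s_client -showcerts`, walks issuer to subject from the server certificate, and reports certificates that are out of position, unrelated to the chain, or a self-signed root. The sample text and the names `parse_chain`, `expected_order` and `check_chain` are constructed for illustration, and matching is by name only, with no signature verification.

```python
import re

# Constructed sample of the "Certificate chain" section printed by
# `openssl s_client -showcerts`: intermediates swapped, root included.
SAMPLE = """\
Certificate chain
 0 s:CN = www.example.test
   i:CN = Example Intermediate CA 2
 1 s:CN = Example Intermediate CA 1
   i:CN = Example Root CA
 2 s:CN = Example Intermediate CA 2
   i:CN = Example Intermediate CA 1
 3 s:CN = Example Root CA
   i:CN = Example Root CA
"""

PAIR = re.compile(r"^\s*\d+\s+s:(.*)\n\s+i:(.*)$", re.MULTILINE)

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    return [(s.strip(), i.strip()) for s, i in PAIR.findall(text)]

def expected_order(chain):
    """Walk issuer -> subject from the leaf, stop before the root (names only)."""
    by_subject = {s: (s, i) for s, i in chain}
    order, seen, cur = [], set(), chain[0] if chain else None
    while cur and cur[0] not in seen and cur[0] != cur[1]:
        order.append(cur[0])
        seen.add(cur[0])
        cur = by_subject.get(cur[1])
    return order

def check_chain(chain):
    """Return a list of findings; an empty list means the order is as expected."""
    findings = []
    want = expected_order(chain)
    for pos, (subject, issuer) in enumerate(chain):
        if subject == issuer:
            findings.append(f"position {pos}: self-signed root sent: {subject}")
        elif subject not in want:
            findings.append(f"position {pos}: not part of the chain: {subject}")
        elif pos >= len(want) or want[pos] != subject:
            findings.append(f"position {pos}: got {subject}, expected "
                            f"{want[pos] if pos < len(want) else 'nothing'}")
    return findings

if __name__ == "__main__":
    for line in check_chain(parse_chain(SAMPLE)):
        print(line)
```

A chain that passes the name walk still needs its signatures and validity dates checked, for example with `openssl verify`.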
Newer options include free certificates from Let's Encrypt, which will provide an actual signed certificate that can be used for local/internal and public sites. This takes the management needed to fix these problems out of the server admin's hands.
Providers like Cloudflare have also started providing SSL certificates for any websites going through their proxy, making it easy to give any website HTTPS if there is no control over the actual web server.