SSL Certificate Chain Not Sorted

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.

Synopsis :

The X.509 certificate chain used by this service contains
certificates that aren't in order.

Description :

At least one of the X.509 certificates sent by the remote host is not
in order. Some certificate authorities publish certificate bundles
that are in descending instead of ascending order, which is incorrect
according to RFC 4346, Section 7.4.2.

Some SSL implementations, often those found in embedded devices,
cannot handle unordered certificate chains.

See also :

Solution :

Reorder the certificates in the certificate chain.

Risk factor :


Family: General

Nessus Plugin ID: 56471 ()

Bugtraq ID:


Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial