SSL Certificate Chain Not Sorted

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

The X.509 certificate chain used by this service contains
certificates that aren't in order.

Description :

At least one of the X.509 certificates sent by the remote host is not
in order. Some certificate authorities publish certificate bundles
that are in descending instead of ascending order, which is incorrect
according to RFC 4346, Section 7.4.2.

Some SSL implementations, often those found in embedded devices,
cannot handle unordered certificate chains.

See also :

http://www.ietf.org/rfc/rfc4346.txt

Solution :

Reorder the certificates in the certificate chain.

Risk factor :

None

Family: General

Nessus Plugin ID: 56471 ()

Bugtraq ID:

CVE ID: