SSL Certificate Chain Contains Weak RSA Keys

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.

Synopsis :

The X.509 certificate chain used by this service contains certificates
with RSA keys shorter than 1024 bits.

Description :

At least one of the X.509 certificates sent by the remote host has a
key that is shorter than 1024 bits. Such keys are considered weak due
to advances in available computing power decreasing the time required to
factor cryptographic keys.

Some SSL implementations, notably Microsoft's, may consider this SSL
chain to be invalid due to the length of one or more of the RSA keys it

See also :

Solution :

Replace the certificate in the chain that has the weak RSA key with one
that uses a stronger key, and reissue any certificates it signed.

Risk factor :

Medium / CVSS Base Score : 4.0

Family: General

Nessus Plugin ID: 60108

Bugtraq ID:

