SSL Certificate Fails to Adhere to Basic Constraints / Key Usage Extensions

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

An X.509 certificate in the chain used by this service fails to
adhere to all of its basic constraints and key usage extensions.

Description :

An X.509 certificate sent by the remote host contains one or more
violations of the restrictions imposed on it by RFC 5280. This means
that either a root or intermediate Certificate Authority signed a
certificate incorrectly.

Certificates that fail to adhere to the restrictions in their
extensions may be rejected by certain software. The existence of such
certificates indicates either an oversight in the signing process, or
malicious intent.

See also :

Solution :

Alter the offending certificate's extensions and have it signed

Risk factor :

Medium / CVSS Base Score : 6.4

Family: General

Nessus Plugin ID: 56284 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now