SSL Certificate Chain Not Sorted

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.

Synopsis :

The X.509 certificate chain used by this service contains
certificates that aren't in order.

Description :

At least one of the X.509 certificates sent by the remote host is not
in order. Some certificate authorities publish certificate bundles
that are in descending instead of ascending order, which is incorrect
according to RFC 4346, Section 7.4.2.

Some SSL implementations, often those found in embedded devices,
cannot handle unordered certificate chains.

See also :

Solution :

Reorder the certificates in the certificate chain.

Risk factor :


Family: General

Nessus Plugin ID: 56471 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now