This script is Copyright (C) 2016 Tenable Network Security, Inc.
A known CA SSL certificate in the certificate chain has been signed
using a weak hashing algorithm.
The remote service uses a known CA certificate in the SSL certificate
chain that has been signed using a cryptographically weak hashing
algorithm (e.g., MD2, MD4, MD5, or SHA1). These signature algorithms
are known to be vulnerable to collision attacks. An attacker can
exploit this to generate another certificate with the same digital
signature, allowing the attacker to masquerade as the affected
Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire after January 1, 2017 as vulnerable. This is in
accordance with Google's gradual sunsetting of the SHA-1 cryptographic
See also :
Contact the Certificate Authority to have the certificate reissued.
Risk factor :