SSL Certificate Chain Not Sorted
Info Nessus Plugin ID 56471
SynopsisThe X.509 certificate chain used by this service contains certificates that aren't in order.
DescriptionAt least one of the X.509 certificates sent by the remote host is not in order. Some certificate authorities publish certificate bundles that are in descending instead of ascending order, which is incorrect according to RFC 4346, Section 7.4.2.
Some SSL implementations, often those found in embedded devices, cannot handle unordered certificate chains.
SolutionReorder the certificates in the certificate chain.