TLS Web Server Authentication Extension Not Supported

Info Web Application Scanning Plugin ID 112650

Synopsis

TLS Web Server Authentication Extension Not Supported

Description

The remote server TLS certificate does not have a Extended Key Usage (EKU) extension specifying the id-kp-serverAuth OID.

Solution

Replace the TLS certificate with a new certificate containing an Extended Key Usage extension (EKU) containing the correct id-kp-serverAuth OID.

See Also

https://tools.ietf.org/html/rfc5280#page-44

https://www.openssl.org/docs/manmaster/man5/x509v3_config.html

Plugin Details

Severity: Info

ID: 112650

Type: remote

Family: SSL/TLS

Published: 2020/11/16

Updated: 2020/11/16

Scan Template: api, scan, pci, ssl_tls, config_audit

Risk Information

Risk Factor: Info