SSL Certificate – Revoked

Vulnerability category: General remote services

Severity:

Vulnerability information

An SSL certificate associates an entity (person, organization, host, etc.) with a public key. In an SSL connection a client authenticates the remote server using the server’s certificate and extracts the public key in the certificate to establish the secure connection.

SSL certificates can be revoked by the issuing certificate authority. The revocation status of a certificate can be obtained from certificate revocation lists (CRLs) issued by the certificate authority, by performing OCSP (Online Certificate Status Protocol) queries against the certificate authority’s OCSP server, or from OCSP stapling information provided by the server that presents the certificate.
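The CRL path described above can be reproduced offline with the openssl command line. This is an added example, not part of the original advisory: it builds a throwaway CA in a temporary directory, issues one certificate, and checks it against the CA's CRL before and after revocation. The names "Demo CA" and "server.example", the function names, and all file names are constructed for the demo.

```shell
# Added example: CRL-based revocation check using a constructed throwaway CA.
# crl_status CA.pem CRL.pem CERT.pem -> prints good | revoked | error
crl_status() (
  out=$(openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" 2>&1) || true
  case "$out" in
    *"certificate revoked"*) echo revoked ;;
    *": OK"*)                echo good ;;
    *)                       echo error ;;   # e.g. missing or expired CRL
  esac
)

# Issues a certificate, then reports its CRL status before and after the CA
# revokes it for key compromise. Prints two words, e.g. "good revoked".
revocation_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3ca
[dn]
CN = unused
[v3ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = index.txt
serial = serial
new_certs_dir = .
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[pol]
commonName = supplied
EOF
  : > index.txt; echo 01 > serial
  ca="openssl ca -batch -config ca.cnf -cert ca.pem -keyfile ca.key"
  { openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Demo CA" -keyout ca.key -out ca.pem &&
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=server.example" -keyout srv.key -out srv.csr &&
    $ca -in srv.csr -out srv.pem && $ca -gencrl -out crl.pem
  } >/dev/null 2>&1 || exit 1
  before=$(crl_status ca.pem crl.pem srv.pem)
  { $ca -revoke srv.pem -crl_reason keyCompromise &&
    $ca -gencrl -out crl.pem; } >/dev/null 2>&1 || exit 1
  after=$(crl_status ca.pem crl.pem srv.pem)
  cd / && rm -rf "$d"
  echo "$before $after"
)
revocation_demo
```

The certificate only shows as revoked once the CA publishes a new CRL and the verifier loads it, which is why clients relying on cached CRLs can keep accepting a revoked certificate until the cached list is refreshed.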

Impact

Using a revoked certificate is considered unsafe and is prohibited by some SSL clients. A certificate is often revoked because of a suspected security breach involving the certificate or its associated private key. Continued use of the certificate after such an event may allow an attacker to perform a man-in-the-middle attack.

Solution

Please install a server certificate that has not been revoked.
