High-Tech Bridge Free SSL Server Tester Failed Example

Q

Is there an example of a server certificate that fails the validation of the High-Tech Bridge Free SSL Server Tester?

✍: FYIcenter.com

A

Here is an example of a server certificate that fails the validation of the High-Tech Bridge Free SSL Server Tester.

1. Go to https://www.htbridge.com/ssl/.

2. Enter this URL: www.wikipedia.com.

3. Click the "Submit" icon. You will see the output of the test:

Summary of www.wikipedia.com SSL/TLS Security Test - The final grade should be "F", because of the wrong certificate:

FINAL GRADE: A
COMPLIANT WITH PCI DSS: Pass
HOST: 208.80.154.224:443
The server prefers cipher suites supporting Perfect-Forward-Secrecy
The certificate is untrusted

SSL Certificate Overview:

Common Name - *.wikipedia.org
subjectAltName - DNS:*.wikipedia.org, DNS:mediawiki.org, DNS:wikibooks.org, ...
...

Test for Compliance with NIST Guidelines:

SERVER KEY IS SIGNED WITH A WRONG ALGORITHM
    The server public key has not been signed by the proper algorithm 
    according to NIST guidelines.

DIFFIE-HELLMAN PARAMETER SIZE
    The size of your Diffie-Hellman (DH) parameter:
        2048 bits

SUPPORTED ELLIPTIC CURVES
    P-256 (prime256v1) (256 bits)
...

Test for Compliance with PCI DSS Requirements:

CERTIFICATE IS UNTRUSTED
    The certificate is untrusted due to the following reason(s): 
        The certificate is issued for a different hostname

DIFFIE-HELLMAN PARAMETER SIZE
    The size of your Diffie-Hellman (DH) parameter:
        2048 bits
...

Test for Industry Best-Practices:

CERTIFICATE IS NOT EV
    The certificate is NOT an Extended Validation (EV) certificate.

SERVER SUPPORTS TLSv1.2
    The server supports TLSv1.2 which is the only SSL/TLS protocol that 
    currently has no known flaws or exploitable weaknesses.

SERVER PREFERS PFS ENABLED CIPHER SUITES
    For TLS family of protocols, the server prefers cipher suite(s) 
    providing Perfect Forward Secrecy (PFS).

HTTP SITE DOES NOT REDIRECT
    The HTTP version of the website does not redirect to the HTTPS version. 
    We advise to enable redirection.

SERVER DOES NOT PROVIDE HSTS
    The server does not send the HTTP-Strict-Transport-Security. 
    We advise to enable it to enforce the user to browse the website in HTTPS.
...

Web Server Security Overview:

Overview
    Your grade for web server security is "F". 
    This test doesn't impact your SSL/TLS score.
...

The picture below shows the High-Tech Bridge Free SSL Server Tester output for www.wikipedia.com:
[Image: High-Tech Bridge Free SSL Server Tester Failed Example]
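
The "certificate is issued for a different hostname" finding can be reproduced offline by matching the tested name against the subjectAltName entries listed in the report. The Python code below is an added example, not part of the original page or the tester's own logic. It uses only the three SAN entries visible above (the report truncates the rest) and applies a strict reading of the wildcard rules: the wildcard must be the whole left-most label and covers exactly one label.

```python
# Added example: strict hostname-vs-SAN matching in the spirit of RFC 6125.
# SAN_FROM_REPORT holds only the entries visible in the report above;
# the page truncates the remaining names with "...".
SAN_FROM_REPORT = ["*.wikipedia.org", "mediawiki.org", "wikibooks.org"]


def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def san_entry_matches(pattern, hostname):
    """Return True if a single SAN dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (rejects
        # "*.org") and no further wildcards to the right.
        if len(p) < 3 or "*" in "".join(p[1:]):
            return False
        return p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial wildcards such as "w*.example.org" are refused here
    return p == h


def check_hostname(hostname, san_list):
    """Return (covered, matching_entries) for hostname against a SAN list."""
    hits = [s for s in san_list if san_entry_matches(s, hostname)]
    return bool(hits), hits


if __name__ == "__main__":
    for host in ("www.wikipedia.com", "www.wikipedia.org", "wikipedia.org",
                 "a.b.wikipedia.org", "mediawiki.org"):
        ok, hits = check_hostname(host, SAN_FROM_REPORT)
        print(f"{host:20} {'match' if ok else 'MISMATCH'} {hits}")
```

The tested name www.wikipedia.com matches none of the listed entries, while www.wikipedia.org is covered by the wildcard. The bare name wikipedia.org is not covered by *.wikipedia.org and would need its own SAN entry.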

 


2016-10-08