Symantec SSL/TLS Certificate Installation Checker Failed Example

Q

Is there any example of server certificate failed to pass the validation of Symantec SSL/TLS Certificate Installation Checker?

✍: FYIcenter.com

A

Here is an example of server certificate failed to pass the validation of Symantec SSL/TLS Certificate Installation Checker.

1. Go to https://cryptoreport.websecurity.symantec.com/checker/views/certCheck.jsp

2. Enter this URL: www.wikipedia.com.

3. Click "Check" button. You will see the output with these sections:

Failed - Certificate is not installed correctly:

www.wikipedia.com

You have 2 errors:
   RSA wrong certificate installed.
   The domain name does not match the certificate common name or SAN.
   
   ECC wrong certificate installed.
   The domain name does not match the certificate common name or SAN.

Info - The BEAST attack is not mitigated on this server.

Chain installation - 2 certificates found, RSA and ECC:

RSA certificate information: 

    Common name: *.wikipedia.org
    SAN: *.wikipedia.org, mediawiki.org, wikibooks.org, wikidata.org, ...
    Organization: Wikimedia Foundation, Inc.
    Organizational unit: 
    City/locality: San Francisco
    State/province: California
    Country: US
    Certificate Transparency: Not embedded in certificate
    Serial number: 1121f69545b2bae5a6f9553566c7120194ce
    Algorithm type: SHA256withRSA
    Key size: 2048    
    Valid from: 2015-Dec-10 22:46:04 GMT
    Valid to: 2016-Dec-10 22:46:04 GMT
    Certificate status: Valid
    Revocation check method: OCSP 

ECC certificate information: 
    Common name: *.wikipedia.org
    SAN: *.wikipedia.org, mediawiki.org, wikibooks.org, wikidata.org, ...
    Organization: Wikimedia Foundation, Inc.
    Organizational unit: 
    City/locality: San Francisco
    State/province: California
    Country: US
    Certificate Transparency: Not embedded in certificate
    Serial number: 1121a225ba0402d791854854c8ba60686a9b
    Algorithm type: SHA256withRSA
    Key size: 256
    Valid from: 2015-Dec-10 23:22:05 GMT
    Valid to: 2016-Dec-10 22:46:04 GMT
    Certificate status: Valid
    Revocation check method: OCSP 

Server configuration:

Host name: text-lb.eqiad.wikimedia.org
Server type: mw1185.eqiad.wmnet
IP address: 208.80.154.224
Port number: 443
Secure Renegotiation: Enabled
Downgrade attack prevention: Enabled
Next Protocol Negotiation: Enabled
Session resumption (caching): Enabled
Session resumption (tickets): Not Enabled
Strict Transport Security (HSTS): Enabled (max-age=31536000; includeSubDomains; preload)
SSL/TLS compression: Not Enabled
Heartbeat (extension): Enabled
RC4: Not Enabled
OCSP stapling: Enabled
Protocols enabled: TLS1.2, TLS1.1, TLS1.0
Protocols not enabled: SSLv3, SSLv2

Vulnerabilities checked:

Heartbleed
Poodle (TLS)
Poodle (SSLv3)
FREAK
BEAST - Yellow
CRIME

The picture befow shows you Symantec SSL/TLS Certificate Installation Checker output on www.wikipedia.com:
Symantec SSL/TLS Certificate Installation Checker - Failed Example

 

Wormly SSL Web Server Tester

Symantec SSL/TLS Certificate Installation Checker

Server Certificate Online Tools

⇑⇑ Certificates Tools

2016-10-05, 1647👍, 0💬