Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (71)
EC Keys (1854)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (5380)
Revoked Certificates (16)
Root CA (85)
RSA Keys (4393)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
Symantec SSL/TLS Certificate Installation Checker Failed Example
Is there any example of server certificate failed to pass the validation of Symantec SSL/TLS Certificate Installation Checker?
✍: FYIcenter.com
Here is an example of server certificate failed to pass the validation
of Symantec SSL/TLS Certificate Installation Checker.
1. Go to https://cryptoreport.websecurity.symantec.com/checker/views/certCheck.jsp
2. Enter this URL: www.wikipedia.com.
3. Click "Check" button. You will see the output with these sections:
Failed - Certificate is not installed correctly:
www.wikipedia.com You have 2 errors: RSA wrong certificate installed. The domain name does not match the certificate common name or SAN. ECC wrong certificate installed. The domain name does not match the certificate common name or SAN. Info - The BEAST attack is not mitigated on this server.
Chain installation - 2 certificates found, RSA and ECC:
RSA certificate information: Common name: *.wikipedia.org SAN: *.wikipedia.org, mediawiki.org, wikibooks.org, wikidata.org, ... Organization: Wikimedia Foundation, Inc. Organizational unit: City/locality: San Francisco State/province: California Country: US Certificate Transparency: Not embedded in certificate Serial number: 1121f69545b2bae5a6f9553566c7120194ce Algorithm type: SHA256withRSA Key size: 2048 Valid from: 2015-Dec-10 22:46:04 GMT Valid to: 2016-Dec-10 22:46:04 GMT Certificate status: Valid Revocation check method: OCSP ECC certificate information: Common name: *.wikipedia.org SAN: *.wikipedia.org, mediawiki.org, wikibooks.org, wikidata.org, ... Organization: Wikimedia Foundation, Inc. Organizational unit: City/locality: San Francisco State/province: California Country: US Certificate Transparency: Not embedded in certificate Serial number: 1121a225ba0402d791854854c8ba60686a9b Algorithm type: SHA256withRSA Key size: 256 Valid from: 2015-Dec-10 23:22:05 GMT Valid to: 2016-Dec-10 22:46:04 GMT Certificate status: Valid Revocation check method: OCSP
Server configuration:
Host name: text-lb.eqiad.wikimedia.org Server type: mw1185.eqiad.wmnet IP address: 208.80.154.224 Port number: 443 Secure Renegotiation: Enabled Downgrade attack prevention: Enabled Next Protocol Negotiation: Enabled Session resumption (caching): Enabled Session resumption (tickets): Not Enabled Strict Transport Security (HSTS): Enabled (max-age=31536000; includeSubDomains; preload) SSL/TLS compression: Not Enabled Heartbeat (extension): Enabled RC4: Not Enabled OCSP stapling: Enabled Protocols enabled: TLS1.2, TLS1.1, TLS1.0 Protocols not enabled: SSLv3, SSLv2
Vulnerabilities checked:
Heartbleed Poodle (TLS) Poodle (SSLv3) FREAK BEAST - Yellow CRIME
The picture befow shows you Symantec SSL/TLS Certificate Installation Checker
output on www.wikipedia.com:
⇒ Wormly SSL Web Server Tester
⇐ Symantec SSL/TLS Certificate Installation Checker
2016-10-05, 2444👍, 0💬
Popular Posts:
What is the DER (Distinguished Encoding Rules) encoding used in the OpenSSL "asn1parse" command? DER...
How to create a new keystore file with Portecle? I have Portecle installed. To create a new keystore...
Renewing a certificate with the same key provides maximum compatibility with past uses of the accomp...
Certificate Summary: Subject: Class 1 Public Primary Certification Authority Issuer: Class 1 Public ...
What is the PKCS#1 v1.5 padding schema used in OpenSSL "rsautl" command? PKCS#1 v1.5 padding schema ...