SSL Certificate
Description
The SSL certificate found on the website is no longer valid. This is most probably due to the fact that the SSL certificate is expired.
Remediation
Purchase a new SSL certificate.
REST Specific
Asp_net
Renew the expired SSL certificate for the website. Ensure that the new certificate is properly installed and configured within the ASP.NET framework's server settings. Set up auto-renewal if possible to prevent future expirations.
Ruby_on_rails
To address the expired SSL certificate issue in a Ruby on Rails application, you should first acquire a new SSL certificate from a trusted Certificate Authority (CA). Once obtained, update your server configuration to use the new certificate. For servers running Nginx or Apache, this involves replacing the old certificate files with the new ones and restarting the server. Ensure that your Rails application is configured to force SSL usage with 'config.force_ssl = true' in the 'config/environments/production.rb' file to redirect all traffic over HTTPS. Additionally, set up automatic certificate renewal if your CA supports it to prevent future expirations.
Next_js
Renew the expired SSL certificate for your Next.js application. Ensure that the new certificate is properly installed and configured on your web server. Set up auto-renewal if possible to prevent future expirations.
Laravel
To address the expired SSL certificate issue in a Laravel application, you should first acquire a new SSL certificate from a trusted Certificate Authority (CA). Once you have the new certificate, update your web server configuration to use the new certificate files. For Apache, this involves editing the 'ssl.conf' file or the specific site's configuration file within '/etc/apache2/sites-available/'. For Nginx, you would update the 'nginx.conf' file or the server block file for your site within '/etc/nginx/sites-available/'. After updating the configuration, restart the web server to apply the changes. Additionally, consider setting up auto-renewal for your SSL certificates if your CA provides that service to prevent future expirations.
Express_js
To remediate the expired SSL certificate issue in an Express.js application, you should first acquire a new SSL certificate from a trusted Certificate Authority (CA). Once you have the new certificate, update your Express.js server configuration to use the new certificate and private key files. Restart your Express.js server to apply the changes, ensuring that HTTPS connections are secure and trusted by clients.
Django
Ensure that the SSL certificate for the website is up-to-date. Renew the expired certificate immediately, and configure the server to use the new certificate. In Django, you can also set up automatic renewal with a tool like Certbot to prevent future expirations.
Symfony
To address the expired SSL certificate issue in a Symfony-based application, you should first acquire a new SSL certificate from a trusted Certificate Authority (CA). Once obtained, configure your web server (e.g., Apache, Nginx) to use the new certificate. For Apache, update the 'SSLCertificateFile' and 'SSLCertificateKeyFile' directives in the virtual host file. For Nginx, update the 'ssl_certificate' and 'ssl_certificate_key' directives. After making these changes, restart the web server to apply the new configuration. Additionally, consider setting up auto-renewal for your SSL certificates to prevent future expirations.
Spring_boot
Renew the expired SSL certificate for your Spring Boot application. Ensure that the new certificate is properly installed and configured in the server where your application is hosted. After installation, restart the Spring Boot application to load the new certificate.
Flask
To address the expired SSL certificate issue in a Flask application, you should first obtain a new SSL certificate from a trusted Certificate Authority (CA). Once you have the new certificate, configure your Flask application to use it by setting the 'ssl_context' parameter in the 'app.run()' method with the paths to your new certificate and private key files. Ensure that your web server (e.g., Nginx or Apache) is also updated with the new certificate details if it's handling SSL termination.
Nuxt
Renew the expired SSL certificate for your Nuxt.js application. Ensure that the new certificate is properly installed and configured on your web server. Set up auto-renewal if possible to prevent future expirations.
Fastapi
To remediate the expired SSL certificate issue in a FastAPI application, you should first acquire a new SSL certificate from a trusted Certificate Authority (CA). Once you have the new certificate, configure your FastAPI server to use it by updating the SSL context in your application's startup code. Ensure that the paths to the new certificate file and private key are correctly specified. Additionally, set up auto-renewal for your SSL certificates to prevent future expirations.
Configuration
Identifier:
protocol/ssl_certificate
Examples
Ignore this check
checks:
protocol/ssl_certificate:
skip: true
Score
- Escape Severity: HIGH
Compliance
- OWASP: API2:2023
- pci: 4.1
- gdpr: Article-32
- soc2: CC1
- psd2: Article-95
- iso27001: A.14.2
- nist: SP800-52
- fedramp: SC-17
Classification
Score
- CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
- CVSS_SCORE: 7.2