Data protection

SSL certificate of a subdomain with a publicly accessible website appears to be self-signed

Risk Level

Hazardous (3)

Platform(s)
  • N/A

Description

The certificate for {Subdomain.Name} appears to be self-signed. Certificates authenticate hostnames through a chain of trust; a self-signed certificate has no such chain, so it cannot guarantee ownership of the subdomain. This means a user cannot distinguish the correct website from a fake one, which exposes users of this website to the risk of a man-in-the-middle (MITM) attack.

Recommended Mitigation

Access the domain through a modern browser to see whether the user is alerted to the certificate's status. If this subdomain is intended for public use, review the certificate and, if it is indeed self-signed (evidenced by the lack of a correct chain of trust), create a valid certificate with a reputable certificate authority.
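
One way to perform the certificate review from the command line, as an added example that is not part of the original finding text. The function names `classify_cert` and `make_samples`, the file names, and the sample certificate subjects are assumptions made for illustration; the sample certificates are constructed test data generated locally with `openssl`.

```shell
#!/bin/sh
# Added example: decide whether a PEM certificate is self-signed or chains
# to a trusted CA. All names and sample certificates here are constructed.

# classify_cert CERT [CA_BUNDLE]
# Prints one of: self-signed | trusted-chain | untrusted-issuer | unreadable
classify_cert() {
    cert="$1"; ca_bundle="${2:-}"
    subj=$(openssl x509 -in "$cert" -noout -subject_hash 2>/dev/null) \
        || { echo unreadable; return 0; }
    iss=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null)
    # Self-signed: subject equals issuer AND the signature verifies under the
    # certificate's own key (-check_ss_sig forces that signature check).
    if [ "$subj" = "$iss" ] &&
       openssl verify -check_ss_sig -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo self-signed
    # Otherwise, does it chain to the CA bundle the caller trusts?
    elif [ -n "$ca_bundle" ] &&
         openssl verify -CAfile "$ca_bundle" "$cert" >/dev/null 2>&1; then
        echo trusted-chain
    else
        echo untrusted-issuer
    fi
}

# make_samples DIR: generate constructed test certificates in DIR:
#   ss.pem   self-signed certificate (hypothetical selfsigned.example.test)
#   ca.pem   constructed test CA
#   leaf.pem certificate for issued.example.test, signed by the test CA
make_samples() {
    d="$1"
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Constructed Test CA' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -x509 -config "$d/ca.cnf" -subj "/CN=selfsigned.example.test" \
        -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/ss.key" -out "$d/ss.pem" 2>/dev/null
    openssl req -new -config "$d/ca.cnf" -subj "/CN=issued.example.test" \
        -newkey rsa:2048 -nodes \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}
```

To review a live site's certificate, first save the served certificate to a PEM file (for example from the output of `openssl s_client -connect host:443 -servername host`) and pass it to `classify_cert` together with the CA bundle you trust.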