VScanner's Knowledge Base
  • Welcome to VScanner Documentation
  • VScanner API
    • Introduction
      • Classification
    • Authentication
    • Vulnerability Scanner
      • Scans
        • Explorer Preferences
          • Features
        • Website Vulnerability Preferences
          • Features
        • Scan API Preferences
          • Features
        • Subdomain Finder
    • PDF Report Generation
    • PDF Report AI Action Plan
  • FAQ (Frequently Asked Questions)
    • Account & Subscription
      • Can I change my subscription at any time?
      • Can I delete my account at any time?
      • Which payment methods does VScanner accept?
    • Scans & Reports
      • Can I export the scan result to PDF?
      • I fixed the vulnerabilities found on the last scan, how do I run a new one?
      • How often can I run a scan?
      • How long will it take for a scan to complete?
      • What is a target on VScanner?
      • How to scan a website on VScanner?
      • How does VScanner work?
    • Web Security Vulnerabilities
      • How to protect from cyber attacks?
      • List of OWASP TOP 10 vulnerabilities for 2021-2022
      • What are the most common vulnerabilities on websites?
      • How to fix - Broken Access Control
      • How to fix - Extension Vulnerabilities
      • How to fix - Plugin Vulnerabilities
      • How to fix - CMS Vulnerability
      • How to fix - Weak HTTPS Configurations
      • How to fix - Invalid HTTPS Certificates
      • How to fix - Session Failure
      • How to fix - Validation Failure
      • How to fix - Authorization Failure
      • How to fix - Weak Authentication
      • How to fix - Sensitive Data Exposure
      • How to fix - Cross-Site Request Forgery (CSRF)
      • How to fix - Local File Injection (LFI)
      • How to fix - Remote File Injection (RFI)
      • How to fix - Cross-Site Scripting (XSS)
      • How to fix - Command Injection
      • How to fix - SQL Injection
Powered by GitBook
On this page
  1. FAQ (Frequently Asked Questions)
  2. Web Security Vulnerabilities

How to fix - Invalid HTTPS Certificates

An invalid HTTPS certificate refers to a situation where the certificate used to establish an HTTPS connection between a client and a server is not valid or trusted. This can happen for several reasons, such as:

  • The certificate has expired

  • The certificate is not signed by a trusted certificate authority (CA)

  • The certificate is not associated with the domain name of the website

  • The certificate has been revoked by the issuing CA

  • The certificate is not properly configured on the server

When a client, such as a web browser, connects to a website over HTTPS, it will check the validity of the certificate to ensure that it is issued by a trusted CA and that it is associated with the domain name of the website. If the certificate is not valid, the client will display a warning message to the user, indicating that the connection is not secure. To fix an invalid HTTPS certificate, the website owner should obtain a valid certificate from a trusted CA, and properly configure it on the web server. If the certificate has expired, it should be renewed or replaced with a new one. If the certificate is associated with a different domain name, the website owner should contact the CA to correct the issue. It's also important to ensure that the certificate is properly installed and configured on the web server, and that it is associated with the correct domain name. It is also important to keep the software and systems up-to-date, and to have a plan in place for monitoring and renewing the certificates.

PreviousHow to fix - Weak HTTPS ConfigurationsNextHow to fix - Session Failure

Last updated 11 months ago