Certificate is not trusted (Even updated cert store)
r0oth3x49 opened this issue · comments
Describe the bug
I was testing sslyze against impactechs.com
, sslyze says certificate is not trusted for all trust stores (mozilla, android, java etc).
To Reproduce
Steps to reproduce the behavior:
- Installed sslyze using pip (the latest version)
- Run the following command
sslyze --certinfo impactechs.com
- the error will say for all store the cert is not trusted, unable to fetch local issuer.
Expected behavior
The certificate should be trusted the web is behind cloudflare when i run sslyze against IPs assigned to that website then the cert store trust the certificate but not against the domain.
Python environment (please complete the following information):
- OS: Ubuntu 20.04.2 LTS
- Python version: 3.8.10
Additional context
Ran ssllabs against the same domain and it reports no trust issues while sslyze does.
Hello,
This is because the certificate chain sent by the server is incomplete; SSLyze is unable to build the chain. It's also flagged by SSL Labs:
You would have to tweak the server's configuration so that it does return the missing intermediate certificate (Sectigo RSA Domain Validation Secure Server CA).