SSL Untrusted Root Certificate

Severity: Medium

Invicti detected that the SSL Certificate is not signed by the trusted root.


It can impact both website and the users:

  • Warning error messages displayed by browsers when visiting the site
  • Personal information at risk from man-in-the-middle attacks
  • Reduction in trust as the site becomes insecure
  • Ability for an attacker to create identical phishing website

The process of fixing untrusted root certificate issues varies depending on the host or the certificate authority used. Please refer to the corresponding documentation.

Invicti Logo

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo