Windows 10: SSL Certificate Cannot Be Trusted - nessus vulnerability

SSL Certificate Cannot Be Trusted - nessus vulnerability The following certificate was at the top of the certificatechain sent by the remote host, but it is signed by an unknowncertificate authority :-Subject : CN=SMMUMVSAPS01.sm.ad-Issuer : DC=ad/DC=sm/CN=SAMC-CA-SERVER3389 / tcp 192.201.0.71

:)

 

SSL Certificate Signed Using Weak Hashing Algorithm

Tenable Scan provides the below report but i dont see any certificate with MD2, MD4, MD5, or SHA1.

Could you please advise the fix for this case?

An SSL certificate in the certificate chain has been signed using a weak hash algorithm.

The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.



Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.



Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.

 

changing SSL certification in Windows 10 Mail

Hi,

Assuming you are seeing the error: "There is a problem with the server's security certificate. The security certificate is not from a trusted certifying authority.", it often happens when you don't use SSL to secure your email account. To fix this error,
use the following steps:

• Choose Settings > Manage Accounts.
• Choose the account that's out-of-date to display the account settings dialog.
• Choose Change mailbox sync settings > Advanced mailbox settings. You may have to scroll down in the dialog to see Advanced mailbox settings.
• Check the boxes for Require SSL for incoming email and
  Require SSL for outgoing email and then choose Done >
  Save.

Let us know how it goes.

 

N8 certificates not trusted/don't match the name

Well I worked out for myself how to verify the certificates are genuine:

• Using a desktop computer
• Go to the page with the certificates
• Select a certificate
• It will say either:
  • Certificate already exists - this confirms that the certificate on the website matches one already in your browser, which we already trust, therefore the certificate on the website is trustworthy
  • Asks if you want to install the certificate, DON'T.
    • First view the certificate details.
    • Copy the certificate serial number or SHA1/SHA256/MD5/etc hash
    • Paste this into a search engine
    • If another website that you trust lists the certificate, e.g. your phone manufacturer or another trusted website (preferably a secure website, therefore you have confidence the website is genuine), then you can trust the certificate
    • If no trustworthy sites are returned in the search then try another hash or serial number
    • If you can't find any trustworthy sites listing the certificate then I suggest you don't trust it.
• Finally, if you decide you trust a certificate then you can download and install on your phone.