Network

Levels of estimated error severity.

If an error is present in the context of an API (or endpoint), it applies only to that API (or endpoint).

Critical

This severity level implies that the process always/usually works badly.

MAJOR

This severity level implies that the process works badly in some cases.

MEDIUM

This flaw results in unfavorable behavior but the system remains functioning.

LOW

This type of flaw won’t cause any major breakdown in the system.


List of identified issues in this category (click on the title to show details)

Description

A website with this SSL misconfiguration might work fine in the browser, but it won't work for clients that do not support AIA Fetching, e.g. in Python. The error can be reproduced with `curl`, it will return error: "curl: (60) SSL certificate problem: unable to get local issuer certificate".

Estimated severity

Critical

Examples

 

Suggested action

Test your website on SSL Server Test (Powered by Qualys SSL Labs). Configure properly your webserver.

How communicated

Monitoring system

11 HEIs (6 providers) in PROD, 9 HEIs (7 providers) in DEV

Description

Expired SSL certificate

Estimated severity

Critical

Examples

 

Suggested action

The certificate needs to be renewed

How communicated

Monitoring system

At least 3 HEIs (2 providers) in PROD, 39 HEIs (9 providers) in DEV