R091. Use internally signed certificates


The organization must use certificates signed by valid internal certification authorities when these are for internal applications.


  1. CWE-295: Improper Certificate Validation. The software does not validate, or incorrectly validates, a certificate.

  2. OWASP-ASVS v4.0.1 V9.2 Server Communications Security Requirements.(9.2.1) Verify that connections to and from the server use trusted TLS certificates. Where internally generated or self-signed certificates are used, the server must be configured to only trust specific internal CAs and specific self-signed certificates. All others should be rejected.

Service status - Terms of Use - Privacy Policy - Cookie Policy

Copyright © 2021 Fluid Attacks, We hack your software. All rights reserved.