About the "Default SSL Certificate" Certificate
This certificate with serial number 54:3f:86:95:00:0c:88:04 for Default SSL Certificate was issued on by itself (self-signed).
This certificate has already expired and will cause a warning or error message. We have found some issues with the compliance of this certificate; they are shown below. We hope this certificate review for Default SSL Certificate provides you with the detailed information you were looking for.
We have identified some issues with this certificate:
- CAs must include keyIdentifier field of AKI in all non-self-issued certificates (RFC 5280: 4.2.1.1)
- Subscriber certificates MUST contain the Subject Alternative Name extension (BRs: 7.1.4.2.1)
- Subscriber Certificate: authorityInformationAccess MUST contain the HTTP URL of the Issuing CA's OCSP responder. (BRs: 7.1.2.3)
- Subscriber Certificate: authorityInformationAccess MUST be present. (BRs: 7.1.2.3)
- Subscriber certificates must contain at least one policy identifier that indicates adherence to CAB standards (BRs: 7.1.2.3)
- Subscriber Certificate: certificatePolicies MUST be present and SHOULD NOT be marked critical. (BRs: 7.1.2.3)
- The common name field in subscriber certificates must include only names from the SAN extension (BRs: 7.1.4.2.2)
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)