Test: SSL/TLS Configuration has No Known Issues

Drata makes a request to your company website to inspect its SSL/TLS configuration and determine whether there are any known issues.

Updated over 2 years ago

ASSOCIATED DRATA CONTROL

This test is part of the SSL/TLS Enforced control that ensures all connections to your company web application from users are encrypted and using SSL/TLS. Drata will confirm that SSL/TLS configurations are used to encrypt all data in transit with your web application.

WHAT DOMAINS/URLS ARE CHECKED

Drata checks the company domain and product URL specified in Drata. The Drata company domain may not include the http or https protocol, or the www subdomain, so Drata tests the SSL certificate on that domain specifically.

WHAT IT DOES

Tests that the server rejects older SSL and TLS protocols. Also checks that the SSL/TLS certificate is valid and that the hostname on the certificate matches the domain above.
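The checks described above can be reproduced locally with the added example below, which is not Drata's code. `cert_covers` and `probe` are hypothetical helpers, and TLS 1.0/1.1 is an assumed reading of "older SSL and TLS protocols"; `cert_covers` shows why a certificate issued only for the www subdomain or a wildcard does not match the bare company domain.

```python
import socket
import ssl
import sys

def cert_covers(hostname, san_dns_names):
    """True if any SAN dNSName covers hostname. Simplified RFC 6125 rule:
    '*' is honoured only as the entire left-most label, for exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    for name in san_dns_names:
        pat = name.lower().rstrip(".").split(".")
        if len(pat) != len(host) or pat[1:] != host[1:]:
            continue
        if pat[0] == host[0] or (pat[0] == "*" and len(pat) > 2):
            return True
    return False

def probe(host, port=443, timeout=5):
    """Live check (needs network access to host)."""
    out = {"cert_ok": False, "cert_error": None, "sans": [], "legacy": None}
    strict = ssl.create_default_context()   # validates chain, expiry and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict.wrap_socket(raw, server_hostname=host) as tls:
                names = tls.getpeercert().get("subjectAltName", ())
                out["cert_ok"] = True
                out["sans"] = [v for k, v in names if k == "DNS"]
    except ssl.SSLCertVerificationError as exc:
        out["cert_error"] = exc.verify_message   # e.g. missing issuer, name mismatch
    # Offer only TLS 1.0/1.1 (assumed meaning of "older protocols"); server should refuse.
    old = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    old.check_hostname = False
    old.verify_mode = ssl.CERT_NONE          # only the protocol version matters here
    old.set_ciphers("DEFAULT:@SECLEVEL=0")   # let the local OpenSSL offer legacy versions
    old.minimum_version = ssl.TLSVersion.TLSv1
    old.maximum_version = ssl.TLSVersion.TLSv1_1
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with old.wrap_socket(raw, server_hostname=host) as tls:
                out["legacy"] = tls.version()    # handshake succeeded: a finding
    except OSError:
        out["legacy"] = "refused"  # may also mean the local OpenSSL lacks TLS 1.0/1.1
    return out

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe(sys.argv[1]))   # pass your own domain as the first argument
```

A `cert_error` about the issuer usually points to the missing-intermediate case, while a hostname mismatch points to a certificate created for a different name.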

WHY ARE WE TESTING THIS?

Most browsers display an error, and may block users from visiting, when a site's SSL/TLS configuration has known issues. These issues can also expose sensitive data to an attacker.

WHAT TO CHECK IF IT FAILS

A modern browser will show an error in the location bar if there is an issue with the SSL/TLS connection. Open the domains/URLs above in your browser and inspect the lock icon in the location bar.


REMEDIATION

Since this test covers a wide range of issues, remediation will be specific to each case. Common troubleshooting paths include:

  • Verify that you have your intermediate certificates and have bundled them within your SSL chain

  • Verify that all SSL certificates installed on your domain were actually created for that same domain

  • Verify that you have set up a redirect from port 80 (http) to port 443 (https) on your domain

  • Verify that you do not have any DNS rules ignoring or rejecting requests from Drata's user agent or IP address

  • Verify that your DNS and/or hosting provider do not have inconsistent or unsustained connections when receiving first requests from Drata's user agent or IP address
