Skip to main content
All CollectionsControl Tests
Test: SSL/TLS on Admin Page of Infrastructure Console
Test: SSL/TLS on Admin Page of Infrastructure Console

Drata inspects an HTTPS request to your company infrastructure admin console to determine the presence and status of an SSL certificate.

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago

ASSOCIATED DRATA CONTROL

This test is part of the Require Encryption of Web-Based Admin Access control that ensures your company uses encryption to protect user authentication and admin sessions of the internal admin tool transmitted over the Internet.

WHAT TO DO IF A TEST FAILS

If Drata finds that your company infrastructure admin console has an issue with its SSL/TLS configuration it may be that a certificate has either expired or is not from a valid authority the test will fail. The test may also fail in the case where the URL domain does not match the certificate domain.

To remediate a failed test, you will need to work with your infrastructure provider to ensure that the SSL/TLS configuration of your admin console has a valid certificate for the appropriate domain.

STEPS FOR PASSING

Drata performs the following URL checks when testing to validate a successful SSL/TLS connection:

To successfully validate when using Cloudflare, please ensure the following have been connected to Drata by an Admin:

  • Identity Provider

  • Cloudflare

HELPFUL RESOURCES

Did this answer your question?