WebX Auditor

TLS certificate chain is trusted

The certificate chain must validate against public trust stores — not self-signed, not missing intermediates, not from an untrusted CA. Browsers show a full-page security warning otherwise, training users to click through warnings.

Security OWASP ASVS V9.1.1 (trusted certificate chain) Advanced Security Audit
In short

The TLS certificate chain is not trusted (self-signed, untrusted CA, or missing intermediate). This check is fully automated — the scanner returns a definitive pass or fail.

How to fix it

Install a certificate from a publicly trusted CA and serve the complete chain (leaf + intermediates) in the correct order.

Standards this maps to

Frameworks that require this

Advanced Security Audit

Severity

critical — a blocking issue that should be fixed first.

Scans this and 300+ other checks across accessibility, SEO, security & speed — first audit free.

Related checks

Contingency Management PlanData ProtectionSQL Injection ProtectionXSS Protection (CSP preferred over X-XSS-Protection)CSRF Token ValidationSecure File UploadInput ValidationTLS 1.2+ EnforcementSecurity Headers CSP and HSTSCookie Security Flags