When an SSL/TLS Certificate gives a Failed Security Review warning, it can be due to a Random Security Review. There is an ongoing Fraud Prevention campaign, which occasionally flags an order and it undergoes an additional security review by the Certificate Authority.
TABLE OF CONTENTS
Understanding an SSL Failed Security Review Warning
Certificate Authorities (CAs) occasionally flag orders for additional security reviews as part of their fraud prevention measures. These reviews are random and not necessarily indicative of any wrongdoing on your part.
During this review, the order remains pending until the manual security check is completed, which usually takes approximately 24 hours. Once it’s done, your SSL should function as normal.
Part of the reason for these security reviews is that hackers can manage to obtain a legitimate CA’s login credentials and use them to issue fake SSLs that appear genuine.
These fake certificates allow hackers to create a site that looks identical to the real one, even showing the padlock icon that indicates a safe connection. However, data transferred between this fake site and its server is not encrypted, putting users at risk of having sensitive personal and financial information stolen.
Additional Information
Other reasons why you could also encounter an SSL Failed Security Review warning, here are the more common SSL Certificate validity errors you may encounter.
Expired Certificate
If your SSL Certificate has expired, it can cause a security warning. Ensure you track your certificate’s expiration date and renew it before it lapses to maintain continuous security. If your certificate has expired, contact your provider to renew it.
Revoked Certificates
If your certificate has been revoked by the Certificate Authority (CA) due to security concerns, it cannot be used. Regularly check your certificate status to ensure it remains valid.
Untrusted Certificate Authority
Ensure your certificate is issued by a trusted CA. Using certificates from reputable CAs will prevent security warnings.
You can verify your site’s SSL validity by checking the web address in your browser. The URL should start with HTTPS and display a padlock icon. Clicking on the icon will allow you to view and confirm the certificate’s details.
Configuration & Installation Issues
Sometimes, human error can lead to security problems, such as not properly installing or configuring your SSL Certificate.
Domain Name Mismatch
Your SSL Certificate must cover the exact domain names associated with your website. Any mismatches can trigger security warnings. Ensure the person or provider setting up your SSL Certificate configures it correctly to match the associated URL.
Incomplete Certificate Chain
A complete and correctly configured certificate chain is essential for security. Verify that your certificate chain is fully established and properly set up.
Addressing these issues promptly is crucial for safeguarding your website and visitors’ data. If you encounter any of these errors and cannot resolve them yourself, contact our Support Team for assistance.
