When an SSL/TSL Certificate gives a “Failed Security Review” warning, it can be due to a Random Security Review.
Certificate Authorities (CAs) occasionally flag orders for additional security reviews as part of their fraud prevention measures. These reviews are random and not necessarily indicative of any wrongdoing on your part.
During this review, the order remains pending until the manual security check is completed, which usually takes approximately 24 hours. Once it is completed, your SSL should function as normal.
Part of the reason for these security reviews is that hackers can manage to obtain a legitimate CA’s login credentials and use them to issue fake SSLs that appear genuine.
These fake certificates allow hackers to create a site that looks identical to the real one, even showing the padlock icon that indicates a safe connection. However, data transferred between this fake site and its’ server is not encrypted, putting users at risk of having sensitive personal and financial information stolen.
Table of Contents
Additional Information:
Certificate Validity Errors
There are several other reasons why you may also encounter a “Failed Security Review” warning.
Expired Certificates
If your SSL Certificate has expired, it may trigger a security warning. Note your certificate’s expiration date and renew it before it expires to ensure continuous security. that your certificate is up to date. If it has expired, you can contact your provider and renew it.
Revoked Certificates
If your certificate has been revoked by the CA that issued it due to security concerns, it cannot be used. Check the certificate’s status to ensure it is valid.
Untrusted Certificate Authority
Make sure your certificate is issued by a trusted CA. Using certificates from reputable CAs helps avoid security warnings.
You can tell if your site’s SSL is valid by checking the web address in your browser. The URL should have the “HTTPS” prefix and the padlock icon displayed. You can click on the icon to check the certificate’s details are correct.
Configuration and Installation Issues
Occasionally human error can be the cause of security errors. For example, not installing or setting up your SSL Certificate correctly.
Domain Name Mismatch
Certificates must cover the correct domain names associated with your website. Mismatches can trigger security alerts. Make sure that the person or provider who has configured your SSL Certificate has done it properly, so it matches the URL associated with it.
Incomplete Certificate Chain
An incomplete or incorrectly configured certificate chain can lead to security issues. Verify that your certificate chain is complete and properly set up.
Remember that addressing these issues promptly is for keeping your website and visitors’ data safe.
If you encounter any of these SSL Certificate errors and cannot fix them yourself, please reach out to our Support Team for assistance, or contact your SSL provider.