Which of the following is the b«« way to fix this issue?

A security analyst received a report that an internal web page is down after a company-wide update to the web browser Given the following error message:

Which of the following is the b«« way to fix this issue?

A. Rewriting any legacy web functions

B. Disabling all deprecated ciphers

C. Blocking all non-essential pons

D. Discontinuing the use of self-signed certificates

View Answer

Answer: D

Explanation:

The error message "NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM" indicates that the web browser is rejecting the certificate because it uses a weak signature algorithm. This commonly happens with self-signed certificates, which often use outdated or insecure algorithms.

Why Discontinue Self-Signed Certificates?

Security Compliance: Modern browsers enforce strict security standards and may reject certificates that do not comply with these standards.

Trusted Certificates: Using certificates from a trusted Certificate Authority (CA) ensures compliance with security standards and is less likely to be flagged as insecure.

Weak Signature Algorithm: Self-signed certificates might use weak algorithms like MD5 or SHA-1, which are considered insecure.

Other options do not address the specific cause of the certificate error:

A. Rewriting legacy web functions: Does not address the certificate issue.

B. Disabling deprecated ciphers: Useful for improving security but not related to the certificate error.

C. Blocking non-essential ports: This is unrelated to the issue of certificate validation.

References:

CompTIA SecurityX Study Guide

"Managing SSL/TLS Certificates," OWASP

"Best Practices for Certificate Management," NIST Special Publication 800-57