What we analyze
The SSL/TLS protocol is fundamental to protecting communication between the user's browser and your web server. A misconfigured or expired certificate can expose sensitive data and generate security alerts that drive away visitors.
Verification points
Certificate validity
We verify that the certificate is current and correctly signed by a trusted authority.
Trust chain
We check that the certificate chain is complete and valid.
Supported protocols
We detect if obsolete protocols like TLS 1.0 or 1.1 are allowed.
Encryption algorithms
We evaluate cipher suites to detect weak or insecure algorithms.
Expiration date
We alert about certificates nearing expiration to avoid interruptions.
Server configuration
We verify configurations like Forward Secrecy and OCSP Stapling.
Why is it important?
Without a valid SSL certificate, data that users send through your website (passwords, payment details, personal information) can be intercepted by attackers. Additionally, Google penalizes sites without HTTPS in SEO and browsers display warnings that damage user trust.
Impact if it fails
- User data exposed in transit (passwords, cards)
- Browser warnings that drive away visitors
- SEO ranking penalty
- Possible GDPR sanction for inadequate technical measures (Art. 32)
Legal framework
Article 32 of GDPR requires implementing appropriate technical measures to ensure security of data processing. An invalid or misconfigured SSL certificate can be considered a breach of this obligation.
Potential sanctions
| Company type | Indicative fine |
|---|---|
| Microenterprise | €1,000 - €10,000 |
| SME | €10,000 - €300,000 |
| Large enterprise | Up to €10M or 2% revenue |