Tuesday, October 17, 2017

HOWTO find certificates issued against your domain

Certificate Transparency (CT) is a means for CA-issued certificates to be logged indirectly for transparency. This can be used to alert you to a certificate issued against your domain without your knowledge.

e.g.

A rogue site set up masquerading as yourdomain.com



A cool means of finding any certificates issued against your domain is to use the crt.sh site.

Here's a quick snippet of certificates issued against fortinet.com

NOTE: use the % sign before the domain name for an "any" search






You can even use this when doing PKI audits and forensics. Here's a site that had a certificate revoked




If you drill in on id 165913200 you can get the revocation date and when it was logged


crt.sh is very simple to use, and can help provide information for tracking, incident investigation and plain auditing of your domain(s) and X.509 certificates.

You can find out details that include:

  • previous/current certificates
  • the CA issuer that was used
  • lifetime/expiration details
  • revocation details and type
  • cert details (SHA fingerprint, pubkey, key size, etc.)
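
The same check can be scripted against crt.sh's JSON output (`output=json`). The sketch below is an added example, not part of the original post: it builds the `%` query, then reviews a constructed sample response for certificates from an issuer you don't expect or logged since your last check. The domain example.com, the issuer names and the sample records are assumptions made for illustration.

```python
import json
from datetime import datetime
from urllib.parse import urlencode

def crtsh_url(domain):
    # '%' is the "any" wildcard from the NOTE above; output=json returns records.
    return "https://crt.sh/?" + urlencode({"q": "%" + domain, "output": "json"})

def in_domain(name, domain):
    # '%example.com' also matches 'notexample.com'; keep apex and subdomains only.
    name = name.lower().lstrip("*.")
    return name == domain or name.endswith("." + domain)

def review(entries, domain, expected_orgs, last_checked):
    """Return (id, names, reasons) for each certificate that needs a look."""
    findings, seen = [], set()
    for e in sorted(entries, key=lambda e: e["id"]):
        names = sorted({n for n in e["name_value"].split("\n") if in_domain(n, domain)})
        key = (e["issuer_name"], e["serial_number"])  # precert and leaf share these
        if not names or key in seen:
            continue
        seen.add(key)
        reasons = []
        rdns = e["issuer_name"].split(", ")  # simple split; quoted commas not handled
        if not any("O=" + org in rdns for org in expected_orgs):
            reasons.append("unexpected issuer")
        if datetime.fromisoformat(e["entry_timestamp"]) > last_checked:
            reasons.append("logged since last check")
        if reasons:
            findings.append((e["id"], names, reasons))
    return findings

# Constructed sample in the shape of a crt.sh JSON response (not real log data).
SAMPLE_JSON = """[
 {"id":1001,"issuer_name":"C=US, O=Example Trust CA, CN=Example Trust G1","serial_number":"0a1b","name_value":"example.com\\nwww.example.com","entry_timestamp":"2017-03-01T10:00:00.000"},
 {"id":1002,"issuer_name":"C=US, O=Example Trust CA, CN=Example Trust G1","serial_number":"0a1b","name_value":"example.com\\nwww.example.com","entry_timestamp":"2017-03-01T10:05:00.000"},
 {"id":1003,"issuer_name":"C=XX, O=Unknown Issuer Ltd, CN=Unknown DV CA","serial_number":"ff01","name_value":"login.example.com","entry_timestamp":"2017-10-10T09:30:00.123"},
 {"id":1004,"issuer_name":"C=US, O=Example Trust CA, CN=Example Trust G1","serial_number":"0c0c","name_value":"notexample.com","entry_timestamp":"2017-10-11T00:00:00"},
 {"id":1005,"issuer_name":"C=US, O=Example Trust CA, CN=Example Trust G1","serial_number":"0d0d","name_value":"*.example.com","entry_timestamp":"2017-10-12T00:00:00"}
]"""

if __name__ == "__main__":
    print(crtsh_url("example.com"))
    for f in review(json.loads(SAMPLE_JSON), "example.com", {"Example Trust CA"}, datetime(2017, 10, 1)):
        print(f)
```

To run it against live data, fetch the URL returned by `crtsh_url()` and pass the decoded JSON to `review()` in place of the sample.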


It's very hard to hide anything from Certificate Transparency


Ken

Ken Felix
NSE (Network Security Expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o
        /  \
