Collaborate Disseminate
Scott Helme, the well-known security researcher, international speaker and the founder of the securityheaders.com and report-uri.com free tools for web security, has devoted himself to improving the security environment of the internet for the past dec… Continue reading Newsmaker Interview: Scott Helme on Securing the Web
I’m experimenting with scanning certificate transparency logs for my domains, and I’d like to filter out log entries for legitimately issued certificates so I only get alerts when someone else gets ahold of a certificate for … Continue reading How do I determine if a certificate in a CT log is my own?
If a pre-certificate is generated and submitted to certificate transparency logs, the final certificate can include SCT receipts.
So the final certificate doesn’t need to be submitted to ct-logs in order to be valid in brows… Continue reading Certificate transparency: should the certificate be submitted to ct-logs if the pre-certificate is already submitted
I want to know some information about the regulation of intermediate CAs. Is there any standard for intermediate CA to determine how many intermediate CAs are required or something like that which concerns the application of … Continue reading standards for regulation of intermediate Certificate authority
I am reading a bit on the certificate transparancy project initiazed by google. (More info at http://www.certificate-transparency.org), this technology tries to introduce transparency in the creation of CA certificates. Their… Continue reading What is the status of Certificate Transparency?
…and then there’s this: Certstream, ostensibly, a near ‘real-time’ certificate transparency log stream (in this case an update stream that security engineers can plug-into their unholy workflow).
Fundamentally, security administrators – through pr… Continue reading See You, See Me: Certificate Transparency
I have an Amazon-issued certificate (via AWS Certificate Manager) for a number of subdomains (CN = *.aws.jamymahabier.nl). However, it is not showing up in the logs at crt.sh (only the Let’s Encrypt-issued certificate for my … Continue reading Why does my Amazon-issued certificate not show up in the certificate transparency logs?
Suppose I have a certificate sha-256 fingerprint, which I can obtain say visiting the relevant domain in firefox or from a shell script using openssl, and i want to verify this fingerprint. one option is to look up the domain… Continue reading ways to check a certificate fingerprint against known logs
I have a basic question regarding fingerprints of https certificates, the specific case I wanted to check being my online banking service. With firefox on linux, I can visit the specific web page and then click on the green l… Continue reading methods to check https certificates
The Python library for searching certificate logs has very little documentation. How is it possible to use it to search the logs and retrieve something intelligible?
The closest I can find is just to run dashboard.py or simp… Continue reading How to use certificate-transparency library?