Facebook Releases Free Certificate Transparency Monitoring Tool
The Facebook tool detects certificates issued for specified domains.
Facebook has released a free tool for Certificate Transparency monitoring to aide website owners and domain administrators. The tool enables users to easily search Certificate Transparency logs and set up automatic monitoring that alerts you when any new certificates are issued for your domains.
Certificate Transparency (CT) is one of the most significant improvements to the Web PKI infrastructure, which SSL and Certificate Authorities are part of. CT allows Certificate Authorities, who issue certificates, to publicly log them for everyone to see. By providing transparency into what certificates are being issued, the community can quickly detect when a certificate has been mis-issued, which is one of the most critical security threats to SSL/TLS.
Before CT existed, there was no effective way of doing this. Large internet companies and researchers could scan and monitor what certificates they see out there, but that gave an incomplete picture at best, and gave smaller organizations no chance of knowing if certificate’s were being improperly issued for their domains.
Next year, Chrome will require Certificate Transparency for all SSL certificates, which will make monitoring significantly more effective. Mozilla has also pledged to support Certificate Transparency in their browser.
Facebook’s monitoring tool searches through CT logs and stores the data, updating on an hourly basis so that data is always fresh and any problems can be detected quickly.
It’s a simple tool, but has all the essential features you need. You can search by domain name, and subscribe to receive email alerts whenever an SSL certificate is issued for that domain. For each certificate you can easily see the domains it is issued for, subject information, issuer, validity period, and the PEM formatted certificate.
Monitoring Certificate Transparency logs can be useful in a number of scenarios. The most important function is detecting malicious certificate issuance – where an attacker has been able to defeat or compromise a CA and issue a certificate for your domain.
Monitoring can also help with everyday administrative tasks.
Larger organizations often struggle with keeping track of where and when certificates are being deployed across their network. We have seen different departments within an org buying certificate from multiple providers, or even setting up multiple accounts with the same provider. This can cause a bit of a headache when it comes to billing and efficient management. If you set up CT monitoring, you can quickly catch this and consolidate your certificate issuance.
You can start using Facebook’s tool today, and sign up for emails alerts for all your domains. The only downside to Facebook’s tool is that you need a Facebook account to use it.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown