CertGraph: A Tool to Crawl the Graph of SSL Certificate Alternate Names using Certificate Transparency

SSL Certificates and Certificate Authorities are the backbone of how secure communication works online for most secure protocols these days. This has worked well for quite some time, but fails when you can no longer trust the Certificate Authorities as we have seen when they are breached or misbehave. Certificate Transparency was created as a way to allow anyone to publicly audit the behavior of a Certificate Authority to solve this problem, and it does just that. But there are also unintended privacy side effects not as well known about Certificate Transparency, both for the end user and server’s organization. After covering the background about how Certificate Transparency works, I will tell you what you need to know to protect yourself and your organization. Finally I introduce CertGraph, a new tool being developed to uncover and enumerate domains hiding in SSL certificate Alternative Names. CertGraph crawls internet accessible certificates through exposed hosts and Certificate Transparency logs creating a visual graph of certificates and domains. CertGraph has already been used to identify internal and public domains an organization may not want public knowledge of, host enumeration for an organization and its related partners, and misconfigured SSL certificates for incorrect domains.

Presented by