FYI Do you want a list of your Let's Encrypt certs?

big charlie

You guys already know about this?

This may be useful and/or scary. Enter a domain and you get a list of certs on it, incl subdomains. So if you have subdomains that you think are hidden, they can be found here.


 
Could be an argument for wildcard certs, but best assumption is anything publicly accessible will be found.
 
I'm a little confused here, do you guys think that a valid SSL/TLS certificate is to protect yourselves?

(It is vice versa)

How has anybody used these public records of certs (which by definition need to be public), to find a hostname of any ip that acceptably uses it?


Bigger problem, if you lose control of a wildcard cert, all your stuff is exposed
 
I'm not saying anything other than wildcard as an option if the dns name being exposed via the certificate concerns you.

Outside of temp/test scenarios, I don't use wildcard certs.

If a system is on the net, assume it will be discovered and probed.

Also, it should be noted the information is not limited to letsencrypt certs. Thread title implies this is a letsencrypt "issue." It isn't - it applies to all certs - just the way things are.
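A defender's version of the lookup the thread describes, as an added example (not code from the thread or from any CT search site): it takes the CT search results for a domain and sorts the names into the ones you meant to publish, the "hidden" ones CT has exposed, and wildcard entries. The input is a constructed sample shaped like a typical CT search JSON response (a `name_value` field holding newline-separated names); example.com, the ids and the second issuer string are made up.

```python
import json
from collections import defaultdict

# Constructed sample: one row per logged certificate, as a CT search service
# typically returns it. Hostnames, ids and the "Other CA" issuer are invented.
SAMPLE_CT_JSON = json.dumps([
    {"id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "www.example.com\nexample.com"},
    {"id": 2, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "some.obscure.hostname.example.com"},
    {"id": 3, "issuer_name": "O=Other CA (constructed), CN=Other CA Intermediate",
     "name_value": "*.example.com"},
    {"id": 4, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "www.example.com"},
])

# Hostnames you intend to be reachable. Anything else CT has logged is a
# surprise worth a look: a forgotten host, or a cert you did not request.
KNOWN_PUBLIC = {"example.com", "www.example.com"}


def names_from_ct(ct_json: str) -> dict:
    """Map each distinct name seen in CT to the set of issuers that logged it."""
    seen = defaultdict(set)
    for row in json.loads(ct_json):
        for name in row["name_value"].split("\n"):
            name = name.strip().lower()
            if name:
                seen[name].add(row["issuer_name"])
    return dict(seen)


def review_ct_footprint(ct_json: str, known: set) -> dict:
    """Sort CT names into expected hosts, unexpected hosts and wildcard entries."""
    report = {"expected": [], "unexpected": [], "wildcards": []}
    for name in sorted(names_from_ct(ct_json)):
        if name.startswith("*."):
            report["wildcards"].append(name)   # one key covers every label beneath it
        elif name in known:
            report["expected"].append(name)
        else:
            report["unexpected"].append(name)  # "hidden" host that CT has published
    return report


if __name__ == "__main__":
    for bucket, names in review_ct_footprint(SAMPLE_CT_JSON, KNOWN_PUBLIC).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Run against the real JSON for your own domain, the `unexpected` bucket is the list of names the thread is worried about, and `names_from_ct` shows which CAs have issued for each one.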
 
Well, I would agree, but the concept of expecting a 'cert' to be in any way 'anonymous' is to me just plain wtf bizarre
 
Very little is anonymous these days.

I think finding out "some.obscure.hostname.mydomain.com" is so easily discovered was the shock. Security through obscurity is foolhardy, but I can understand the reaction once faced with the reality check.

A lot of folks who should know better are surprised at how much info is readily available for free at sites like censys.io or shodan.io with google search simplicity.
 
