Skip to main content

SSL Scanning

Overview of SSL Certificate Scanning

As part of our comprehensive asset discovery and vulnerability assessment process, we scan your organization's digital assets to identify and analyze SSL/TLS certificates. This process helps ensure the security and compliance of your web services.

How We Scan for SSL Certificates

  1. Asset Discovery:
    • We start by identifying all domains and subdomains associated with your organization.
    • This includes public-facing web servers, mail servers, and other services that use SSL/TLS.
  2. Port Scanning:
    • We scan common SSL/TLS ports (e.g., 443 for HTTPS, 25 for SMTP) across all identified IP addresses.
  3. SSL/TLS Handshake:
    • For each responsive port, we initiate an SSL/TLS handshake to retrieve the certificate information.
  4. Certificate Chain Analysis:
    • We analyze the entire certificate chain, including root and intermediate certificates.
  5. Certificate Data Extraction:
    • We extract key information from each certificate, including:
      • Subject (domain name)
      • Issuer (Certificate Authority)
      • Valid from/to dates
      • Key size and algorithm
      • Serial number

What We Look For

  1. Certificate Expiry:
    • We identify certificates that are expired or nearing expiration (e.g., within 30 days).
  2. Weak Cryptography:
    • We flag certificates using outdated algorithms (e.g., SHA-1) or insufficient key sizes.
  3. Hostname Mismatch:
    • We check if the certificate's subject matches the hostname it's served from.
  4. Self-Signed Certificates:
    • We identify self-signed certificates, which are generally not trusted for public-facing services.
  5. Revoked Certificates:
    • We check certificate revocation status using CRL and OCSP.
  6. Vulnerable SSL/TLS Versions:
    • We detect if servers support outdated and vulnerable SSL/TLS versions (e.g., SSL 3.0, TLS 1.0).
  7. Certificate Transparency:
    • We verify if certificates are logged in Certificate Transparency logs, as required by many browsers.
  8. Wild Card Certificates:
    • We identify and flag the use of wildcard certificates, which can pose additional risks if compromised.

Reporting

Our scanning process generates a comprehensive report that includes:

  • A list of all discovered SSL/TLS certificates across your assets
  • Details of each certificate, including expiry dates and potential issues
  • Prioritized list of certificates requiring attention (e.g., near expiry, vulnerable configurations)
  • Recommendations for addressing identified issues
Back to top