ICYMI: last week I rolled out a HUGE upgrade to Cert Spotter. Now that the post-rollout craziness has subsided, let me tell you about my favorite new features... (1/9)https://twitter.com/SSLMate/status/1195051373911560192 …
-
Prikaži ovu nit
-
First: expiration monitoring! Cert Spotter now monitors every one of your domains and sub-domains found in CT logs and alerts you about expiring certificates - whether it's a forgotten manual certificate, or a broken automated certificate. (2/9)pic.twitter.com/ngOdiT0Dpe
1 reply 0 proslijeđenih tweetova 3 korisnika označavaju da im se sviđaPrikaži ovu nit -
If the endpoint is running a public HTTPS server, Cert Spotter checks the expiration date of the live certificate. Otherwise, it looks in CT logs to see if the certificate has been renewed. (Coming soon: monitoring for other installation errors, like missing intermediates.) (3/9)
1 reply 0 proslijeđenih tweetova 4 korisnika označavaju da im se sviđaPrikaži ovu nit -
Second: say goodbye to alert fatigue! I know you're busy, so I only want to bother you when there's really a problem. If you trust some CAs, you can choose not to be alerted about their certificates. Trusting the 1-3 CAs that you use is WAY better than trusting all 100+. (4/9)pic.twitter.com/hzvYD5xkAo
1 reply 0 proslijeđenih tweetova 4 korisnika označavaju da im se sviđaPrikaži ovu nit -
Or, if your issuance is automated, there's an API for telling Cert Spotter about your legitimate certificates so you won't be alerted about them. Imagine: plugins for Certbot, Caddy, etc. that automatically authorize all certs that they issue! https://sslmate.com/certspotter/whitelisting_api … (5/9)
1 reply 0 proslijeđenih tweetova 3 korisnika označavaju da im se sviđaPrikaži ovu nit -
Third: Cert Spotter now tells you who REALLY issued a certificate, and who you need to contact to get it revoked, which will reduce confusion and save you precious time responding to an unwanted certificate. (6/9)pic.twitter.com/SGBRJnpIX0
3 proslijeđena tweeta 17 korisnika označava da im se sviđaPrikaži ovu nit -
It doesn't sound hard to figure out who issued a certificate, but because of all the acquisitions and obscure business arrangements in the WebPKI, you often needed to be a WebPKI expert to figure it out. Now you can just use Cert Spotter. (7/9)
1 reply 0 proslijeđenih tweetova 6 korisnika označava da im se sviđaPrikaži ovu nit -
This minor feature was hard to implement but will have a big impact on making Certificate Transparency more usable by non-experts. Other monitors will tell you that a certificate was issued by a company that isn't a certificate authority, or hasn't existed for a decade. (8/9)
1 reply 0 proslijeđenih tweetova 9 korisnika označava da im se sviđaPrikaži ovu nit -
Do you want monitoring that will prevent downtime, improve your security, while being easy to use? Sign up for Cert Spotter here: https://sslmate.com/signup?for=certspotter … (9/9)
0 proslijeđenih tweetova 7 korisnika označava da im se sviđaPrikaži ovu nit
Sweet! Re trusted CAs - are you analyzing CAA records to inform that?
-
-
Odgovor korisniku/ci @TychoTithonus
When you sign up, the list is automatically populated based on your CAA records. Currently, that's the only time CAA is checked. Since DNS is unauthenticated and non-transparent, I don't want to silently change the authorized CA list based on CAA lookups.
1 reply 0 proslijeđenih tweetova 2 korisnika označavaju da im se sviđa -
Odgovor korisniku/ci @__agwa
Totally understood - but maybe something advisory, and visible to the user, could be helpful. If there is a mismatch between CAA and the authorized CA list, that would be very useful to know. Just throwing it out there.
1 reply 0 proslijeđenih tweetova 0 korisnika označava da im se sviđa - Još 1 odgovor
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
:










