ICYMI: last week I rolled out a HUGE upgrade to Cert Spotter. Now that the post-rollout craziness has subsided, let me tell you about my favorite new features... (1/9)https://twitter.com/SSLMate/status/1195051373911560192 …
-
Prikaži ovu nit
-
First: expiration monitoring! Cert Spotter now monitors every one of your domains and sub-domains found in CT logs and alerts you about expiring certificates - whether it's a forgotten manual certificate, or a broken automated certificate. (2/9)pic.twitter.com/ngOdiT0Dpe
1 reply 0 proslijeđenih tweetova 3 korisnika označavaju da im se sviđaPrikaži ovu nit -
If the endpoint is running a public HTTPS server, Cert Spotter checks the expiration date of the live certificate. Otherwise, it looks in CT logs to see if the certificate has been renewed. (Coming soon: monitoring for other installation errors, like missing intermediates.) (3/9)
1 reply 0 proslijeđenih tweetova 4 korisnika označavaju da im se sviđaPrikaži ovu nit -
Second: say goodbye to alert fatigue! I know you're busy, so I only want to bother you when there's really a problem. If you trust some CAs, you can choose not to be alerted about their certificates. Trusting the 1-3 CAs that you use is WAY better than trusting all 100+. (4/9)pic.twitter.com/hzvYD5xkAo
1 reply 0 proslijeđenih tweetova 4 korisnika označavaju da im se sviđaPrikaži ovu nit -
Or, if your issuance is automated, there's an API for telling Cert Spotter about your legitimate certificates so you won't be alerted about them. Imagine: plugins for Certbot, Caddy, etc. that automatically authorize all certs that they issue! https://sslmate.com/certspotter/whitelisting_api … (5/9)
1 reply 0 proslijeđenih tweetova 3 korisnika označavaju da im se sviđaPrikaži ovu nit -
Third: Cert Spotter now tells you who REALLY issued a certificate, and who you need to contact to get it revoked, which will reduce confusion and save you precious time responding to an unwanted certificate. (6/9)pic.twitter.com/SGBRJnpIX0
3 proslijeđena tweeta 17 korisnika označava da im se sviđaPrikaži ovu nit -
It doesn't sound hard to figure out who issued a certificate, but because of all the acquisitions and obscure business arrangements in the WebPKI, you often needed to be a WebPKI expert to figure it out. Now you can just use Cert Spotter. (7/9)
1 reply 0 proslijeđenih tweetova 6 korisnika označava da im se sviđaPrikaži ovu nit -
This minor feature was hard to implement but will have a big impact on making Certificate Transparency more usable by non-experts. Other monitors will tell you that a certificate was issued by a company that isn't a certificate authority, or hasn't existed for a decade. (8/9)
1 reply 0 proslijeđenih tweetova 9 korisnika označava da im se sviđaPrikaži ovu nit -
Do you want monitoring that will prevent downtime, improve your security, while being easy to use? Sign up for Cert Spotter here: https://sslmate.com/signup?for=certspotter … (9/9)
0 proslijeđenih tweetova 7 korisnika označava da im se sviđaPrikaži ovu nit -
Odgovor korisniku/ci @__agwa
Sweet! Re trusted CAs - are you analyzing CAA records to inform that?
1 reply 0 proslijeđenih tweetova 1 korisnik označava da mu se sviđa
When you sign up, the list is automatically populated based on your CAA records. Currently, that's the only time CAA is checked. Since DNS is unauthenticated and non-transparent, I don't want to silently change the authorized CA list based on CAA lookups.
-
-
Odgovor korisniku/ci @__agwa
Totally understood - but maybe something advisory, and visible to the user, could be helpful. If there is a mismatch between CAA and the authorized CA list, that would be very useful to know. Just throwing it out there.
1 reply 0 proslijeđenih tweetova 0 korisnika označava da im se sviđa -
Odgovor korisniku/ci @TychoTithonus
I totally agree, and something is in the works :-)
0 replies 0 proslijeđenih tweetova 1 korisnik označava da mu se sviđa
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.