FYI Do you want a list of your let's encypt certs?

Joined
Aug 20, 2013
Messages
50
Reaction score
3
You guys already know about this?

This may be usefully and/or scary. Enter a domain and you get a list of certs on it, incl subdomains. So if you have subdomains that you think are hidden, they can be found here.


 

jerrm

Guru
Joined
Sep 23, 2015
Messages
514
Reaction score
213
Could be an argument for wildcard certs, but best assumption is anything publicly accessible will be found.
 
  • Like
Reactions: Charles Steiner

dicko

Still learning but earning
Joined
Oct 30, 2015
Messages
649
Reaction score
237
I'm a liitle confused here, do you guys think that a valid ssl/tsl certificate is to protect yourselves?

(It is vise versa)

How has anybody used these public records of certs (which by definition need to be public), to find a hostname of any ip that acceptably uses it?


Bigger problem, if you loose control of a wildcard cart, all your stuff is exposed
 
Last edited:
  • Like
Reactions: krzykat

jerrm

Guru
Joined
Sep 23, 2015
Messages
514
Reaction score
213
I'm a liitle confused here, do you guys think that a valid ssl/tsl certificate is to protect yourselves?

(It is vise versa)

How has anybody used these public records of certs (which by definition need to be public), to find a hostname of any ip that acceptably uses it?


Bigger problem, if you loose control of a wildcard cart, all your stuff is exposed
I'm not saying anything other than wildcard as an option if the dns name being exposed via the certificate concerns you.

Outside of temp/test scenarios, I don't use wildcard certs.

If a system is on the net, assume it will be discovered and probed.

Also, it should be noted the information is not limited to letsencrypt certs. Thread title implies this is a letsencrypt "issue." It isn't - it applies to all certs - just the way things are.
 

dicko

Still learning but earning
Joined
Oct 30, 2015
Messages
649
Reaction score
237
Well, I would agree, but the concept of expecting a 'cert' to be in any way 'anonymous' is to me just plain wtf bizarre
 

jerrm

Guru
Joined
Sep 23, 2015
Messages
514
Reaction score
213
Well, I would agree, but the concept of expecting a 'cert' to be in any way 'anonymous' is to me just plain wtf bizarre
Very little is anonymous these days.

I think finding out "some.obscure.hostname.mydomain.com" is so easily discovered was the shock. Security through obscurity is foolhardy, but I can understand the reaction once faced with the reality check.

A lot of folks who should know better are surprised at how much info is readily available for free at sites like censys.io or shodan.io with google search simplicity.
 
  • Like
Reactions: dicko

Members online

PIAF 5 - Powered by 3CX

Forum statistics

Threads
22,367
Messages
137,355
Members
14,575
Latest member
Issue