- November 29, 2023: How a TLS/SSL Certificates finding is generated.
- January 4, 2023: Published.
TLS/SSL Certificates data is collected by establishing a TLS connection to an asset, addressed either by hostname or by IP address.
- When a hostname is known, a TLS handshake is performed with the Server Name Indication (SNI) field set to the hostname. This allows the server to know which certificate to present to the connecting client.
- When the hostname is not known, the TLS connection is established to the IP address. Because no hostname can be supplied in the SNI field of the TLS handshake, the certificate the server presents is subject to all of the assessments performed by our algorithm and may be graded negatively. See recommendations.
- Some services present an automatically generated, self-signed certificate in their default configuration. Examples: Kubernetes Ingress and Traefik Proxy.
A unique finding is generated for each asset/certificate combination. Because a certificate can be served by multiple assets, findings are generated per unique access point, so the asset may be identified by:
- Domain name
- IP:port combination
- Both (domain name and IP:port)
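As an added example (not the vendor's own collection code), the sketch below shows the two collection modes described above, with and without SNI, and how observations are keyed into one finding per asset/certificate combination; the `Observation` record, `collect`, `asset_key`, `generate_findings` and the sample hosts are all hypothetical.

```python
import hashlib
import socket
import ssl
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

@dataclass(frozen=True)
class Observation:  # hypothetical record: one certificate seen at one access point
    hostname: Optional[str]  # None when only the IP was known, so no SNI was sent
    ip: Optional[str]
    port: int
    cert_sha256: str         # SHA-256 fingerprint of the DER certificate presented

def collect(ip: str, port: int, hostname: Optional[str] = None) -> Observation:
    """A known hostname goes into SNI; with hostname=None the server sees no SNI and
    presents its default certificate. Verification is off so bad certs are still collected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            der = tls.getpeercert(binary_form=True)
    return Observation(hostname, ip, port, hashlib.sha256(der).hexdigest())

def asset_key(obs: Observation) -> str:
    """Identify the access point by domain name, IP:port, or both."""
    parts = [p for p in (obs.hostname, f"{obs.ip}:{obs.port}" if obs.ip else None) if p]
    return " | ".join(parts)

def generate_findings(observations: Iterable[Observation]) -> Dict[Tuple[str, str], dict]:
    """One finding per unique asset/certificate combination; repeat collections collapse."""
    findings: Dict[Tuple[str, str], dict] = {}
    for obs in observations:
        key = (asset_key(obs), obs.cert_sha256)
        findings.setdefault(key, {
            "asset": key[0],
            "cert_sha256": obs.cert_sha256,
            "sni_sent": obs.hostname is not None,  # False: default cert, graded negatively
        })
    return findings

# Constructed sample (not real hosts): one certificate served from two access points,
# a rotated certificate on the first, and a duplicate collection of the first.
SAMPLE = [
    Observation("www.example.test", "192.0.2.10", 443, "aa" * 32),
    Observation(None, "192.0.2.11", 8443, "aa" * 32),
    Observation("www.example.test", "192.0.2.10", 443, "bb" * 32),
    Observation("www.example.test", "192.0.2.10", 443, "aa" * 32),
]
```

Running `generate_findings(SAMPLE)` yields three findings: the duplicate collection collapses, while the same certificate on a second access point and the rotated certificate on the first each produce their own finding.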