Publication Date – January 4, 2023
TLS/SSL certificate data is collected by establishing a TLS connection to an asset, addressed either by hostname or by IP address. Which of the two is known determines what the server presents:
- When a hostname is known, a TLS handshake is performed with the Server Name Indication (SNI) extension set to that hostname. The server uses the SNI value to select the certificate it presents to the connecting client, so the collected certificate is the one configured for that name.
- When only an IP address is known, the TLS connection is established to the IP address and the SNI extension is left out, because there is no hostname to put in it. The server then falls back to its default certificate (often automatically generated, self-signed, or issued for a different name), and that certificate is subject to all of the assessments performed by our algorithm, which grade it negatively. See recommendations.
- Some services in their default configuration present an automatically generated, self-signed certificate whenever no certificate matches the requested name. Examples: Kubernetes Ingress and Traefik Proxy. This default certificate is what a probe by IP address typically receives.
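The two collection paths above, as an added example (not code from this page or from the rating platform): a Go program that stands up a TLS server selecting its certificate by SNI, probes it once with the hostname in SNI and once with no SNI at all, and applies the two checks the page names, self-signed and hostname match. The hostname www.example.com, the "Demo Root CA" and the Traefik-style default certificate name are constructed for the example; the handshakes run over an in-memory pipe so nothing touches the network.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Assessment is the slice of grading the page describes: self-signed or not, and name match.
type Assessment struct {
	Subject    string
	SelfSigned bool
	NameMatch  bool
}
// issue creates a key and certificate for cn; with parent == nil it self-signs, which is
// exactly what a service's auto-generated default certificate is. ca marks a signing cert.
func issue(cn string, dns []string, ca bool, parent *x509.Certificate, parentKey crypto.PrivateKey) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: dns, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf, err
}

// server is the config of a service that picks its certificate by SNI, as an ingress or
// reverse proxy does; a ClientHello with no (or an unknown) SNI gets the fallback.
func server(named, fallback tls.Certificate, name string) *tls.Config {
	return &tls.Config{GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
		if h.ServerName == name {
			return &named, nil
		}
		return &fallback, nil
	}}
}

// probe runs one handshake against cfg over an in-memory pipe and returns the presented
// certificate. hostname == "" sends no SNI extension, which is what a scan by IP address
// looks like to the server. Verification is skipped so the cert is always captured.
func probe(cfg *tls.Config, hostname string) (*x509.Certificate, error) {
	cp, sp := net.Pipe()
	defer cp.Close() // closing the raw pipe also unblocks the server goroutine
	go func() { s := tls.Server(sp, cfg); s.Handshake(); s.Close() }()
	c := tls.Client(cp, &tls.Config{InsecureSkipVerify: true, ServerName: hostname})
	if err := c.Handshake(); err != nil {
		return nil, err
	}
	return c.ConnectionState().PeerCertificates[0], nil
}

// assess applies the page's two checks: self-signed (issuer equals subject and the
// signature verifies under the cert's own key) and hostname match against the SANs.
func assess(cert *x509.Certificate, hostname string) Assessment {
	selfSigned := cert.Issuer.String() == cert.Subject.String() &&
		cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil
	return Assessment{
		Subject:    cert.Subject.CommonName,
		SelfSigned: selfSigned,
		NameMatch:  hostname != "" && cert.VerifyHostname(hostname) == nil,
	}
}

// Run builds a server holding a CA-issued certificate for a hypothetical hostname plus a
// self-signed default, then probes it both ways the page describes.
func Run() (withSNI, withoutSNI Assessment, err error) {
	const host = "www.example.com" // hypothetical hostname known to the scanner
	ca, caCert, e1 := issue("Demo Root CA", nil, true, nil, nil)
	named, _, e2 := issue(host, []string{host}, false, caCert, ca.PrivateKey)
	// CN modelled on the certificate Traefik presents when none is configured.
	fallback, _, e3 := issue("TRAEFIK DEFAULT CERT", nil, false, nil, nil)
	cfg := server(named, fallback, host)
	c1, e4 := probe(cfg, host) // hostname known: SNI carries it
	c2, e5 := probe(cfg, "")   // IP address only: no SNI at all
	if err = errors.Join(e1, e2, e3, e4, e5); err != nil {
		return
	}
	return assess(c1, host), assess(c2, ""), nil
}
func main() { fmt.Println(Run()) }
```

Running it shows the contrast the bullets describe: the probe with SNI gets the CA-issued www.example.com certificate (not self-signed, name matches), while the probe with no SNI gets the self-signed default with a subject that matches nothing, which is the certificate that would be graded negatively. Against a real host, replace `probe` with `tls.Dial`; note that Go also omits SNI on its own when `ServerName` is an IP literal, so dialing by IP reproduces the second path.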