CertGraph - A Tool to Crawl the Graph of SSL Certificate Alternate Names Using Certificate Transparency

Explore the world of SSL certificates and Certificate Transparency in this 23-minute conference talk by Ian Foster. Dive into the unintended privacy implications of Certificate Transparency for both end-users and organizations. Learn about CertGraph, a new tool for uncovering and enumerating domains hidden in SSL certificate Alternative Names. Discover how CertGraph crawls internet-accessible certificates through exposed hosts and Certificate Transparency logs, creating visual graphs of certificates and domains. Gain insights into identifying internal and public domains, host enumeration, and misconfigured SSL certificates. Understand the background of Certificate Transparency, its importance in solving trust issues with Certificate Authorities, and how to protect yourself and your organization from potential privacy risks.

Introduction
Overview
Alt Names
Obtaining a Certificate
What happens if a Certificate Authority misbehaves
DigiNotar
Symantec
Certificate Transparency
Time Life
How it works
Emergency logs
DNS record
Expect certificate
Search engines
CertGraph
Web Interface
CDN