For internal use, Facebook had initially built its own CT monitoring service as FB uses various websites for marketing. Special events are also outsourced to the third party. To keep a track, which was not possible without monitoring services, CT played an important role. CT monitoring helps in tracking various sites even if direct management is delegated to another party. With the help of CT, the Facebook security team was able to detect two certificates issued for ‘fb.com’, which the security team had no knowledge of. Although after complete investigation it was discovered that the certificate was issued on request of another Facebook team but they failed to inform the FB security team in time.
A Tool To Detect Rogue SSL Certificates
Facebook had a good understanding of the importance of adapting CT and decided to build a tool for the public. This tool would help other companies to keep track of SSL certificate issues for their domains. With the help of this tool
How Facebook’s tool is helpful for domain
Facebook has come up with a tool to make it easier for domain owner (or security team) to search and keep track of certificates associated with their domain through CT logs. CT maintains logs listing TLS/SSL certificates, which are publicly accessible. CT framework outlines various rules and procedures, such as:
For further information, feel free to contact us on +1 (888) 606-7330. We will also help you to provide Comodo SSL Certificate for domain and sub-domain to secure your online business website. Go ahead and visit us at https://www.thesslstreet.com/.
A Tool To Detect Rogue SSL Certificates
Facebook had a good understanding of the importance of adapting CT and decided to build a tool for the public. This tool would help other companies to keep track of SSL certificate issues for their domains. With the help of this tool
- The Domain owner can detect a miss-issued certificate within an hour
- Keep track of existing certificates being used
- An Owner can subscribe to receive email alerts when a new certificate appears in CT logs
- Contact concerned CA, who issued the certificate
- Make sure that your identity is not compromised
- Consider revoking that certificate
How Facebook’s tool is helpful for domain
Facebook has come up with a tool to make it easier for domain owner (or security team) to search and keep track of certificates associated with their domain through CT logs. CT maintains logs listing TLS/SSL certificates, which are publicly accessible. CT framework outlines various rules and procedures, such as:
- How CAs and domain owners submit records of TLS certificates to public logs
- Audit the logs to ensure the certificates are properly added
- Monitor the logs to look for new entries
- Mis-issued certificates
- Stolen certificates
- Rogue Certificate Authorities
For further information, feel free to contact us on +1 (888) 606-7330. We will also help you to provide Comodo SSL Certificate for domain and sub-domain to secure your online business website. Go ahead and visit us at https://www.thesslstreet.com/.
No comments:
Post a Comment