[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #33602 [Internal Services/Services Admin Team]: monitor certificate transparency log
#33602: monitor certificate transparency log
-------------------------------------------------+-------------------------
Reporter: anarcat | Owner: (none)
Type: task | Status: new
Priority: Low | Milestone:
Component: Internal Services/Services | Version:
Admin Team |
Severity: Major | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------------------+-------------------------
we should use something like SSLMate.com or certspotter to monitor
certificates issued in our place.
https://github.com/SSLMate/certspotter
this could be ran on nevii, nagios or pauli. it's unclear what we should
do with the output, there will be possibly be lots of false positive, as
the certificates will appear in our logs every time one of our cert is
(legitimitely) renewed.
it's a debian package since buster. i ran a test locally, and it's
basically:
{{{
sed 's/ /\n/g;/^#/d;/^ *$/d' letsencryt-domains/domains | sort |
certspotter -watchlist -
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33602>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs