Facebook has launched a tool that allows domain name owners to discover TLS/SSL certificates that were issued without their knowledge.

The tool uses data collected from the many Certificate Transparency logs that are publicly accessible. Certificate Transparency (CT) is a new open standard requiring certificate authorities to disclose the certificate that they issue.

Until a few years ago, there was no way of tracking the certificates issued by every certificate authority (CA). At best, researchers could scan the entire web and collect those certificates being used on public servers. This made it very hard to discover cases where CAs issued certificates for domain names without the approval of those domains’ owners.

To read this article in full or to leave a comment, please click here