Since its introduction in the 1970s, public key cryptography has undergone many changes and updates to meet security, usability, and efficiency. Public-key certificates are important to create trust in the public keys, but they can also be exploited as attack vectors in cyberattacks. To effectively combat the threats associated with the Web Public Key Infrastructure (PKI), it is essential to employ tools or platforms capable of swiftly gathering and thoroughly analyzing large volumes of certificates, including, but not limited to, web domains across defined geographic regions, countries, or pertaining to specific application domains. We introduce DigitalCertiAnalytics, a tool for collecting and analyzing X.509v3 certificates used in the Web PKI. DigitalCertiAnalytics incorporates software tools that may carry out partial analyses, such as Zgrab2 for certificate collection, Zlint for certificate format validation, and SSLyze for certificate chain verification. We validated the proposed tool by examining over 10 million web domains in two lists, containing the most visited web domains in different geographical regions. DigitalCertiAnalytics is accurate, flexible, and fast, making it a useful tool for attack prevention, where early detection of invalid, malformed, or erroneous certificates helps to identify attacks in the early stage.

An Automatic Large-scale Tool for X.509v3 Certificate Collection and Analysis / Berbecaru, D., Lioy, A., Anuar Elio, M.. - ELETTRONICO. - (2026), pp. 1-6. (IEEE International Conference on Communications (IEEE ICC) 2026 Glasgow, Scotland (UK) 24 - 28 May 2026) [10.1109/ICC59461.2026.11587700].

An Automatic Large-scale Tool for X.509v3 Certificate Collection and Analysis

Berbecaru, Diana;Antonio, Lioy;
2026

Abstract

Since its introduction in the 1970s, public key cryptography has undergone many changes and updates to meet security, usability, and efficiency. Public-key certificates are important to create trust in the public keys, but they can also be exploited as attack vectors in cyberattacks. To effectively combat the threats associated with the Web Public Key Infrastructure (PKI), it is essential to employ tools or platforms capable of swiftly gathering and thoroughly analyzing large volumes of certificates, including, but not limited to, web domains across defined geographic regions, countries, or pertaining to specific application domains. We introduce DigitalCertiAnalytics, a tool for collecting and analyzing X.509v3 certificates used in the Web PKI. DigitalCertiAnalytics incorporates software tools that may carry out partial analyses, such as Zgrab2 for certificate collection, Zlint for certificate format validation, and SSLyze for certificate chain verification. We validated the proposed tool by examining over 10 million web domains in two lists, containing the most visited web domains in different geographical regions. DigitalCertiAnalytics is accurate, flexible, and fast, making it a useful tool for attack prevention, where early detection of invalid, malformed, or erroneous certificates helps to identify attacks in the early stage.
2026
979-8-3195-4209-0
File in questo prodotto:
File Dimensione Formato  
Paper_DigitalCertAnalytics_ICC_v1.pdf

accesso aperto

Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: Pubblico - Tutti i diritti riservati
Dimensione 305.47 kB
Formato Adobe PDF
305.47 kB Adobe PDF Visualizza/Apri
An_Automatic_Large-scale_Tool_for_X.509v3_Certificate_Collection_and_Analysis.pdf

accesso riservato

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 1.03 MB
Formato Adobe PDF
1.03 MB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/3006955