Since its introduction in the 1970s, public key cryptography has undergone many changes and updates to meet security, usability, and efficiency. Public-key certificates are important to create trust in the public keys, but they can also be exploited as attack vectors in cyberattacks. To effectively combat the threats associated with the Web Public Key Infrastructure (PKI), it is essential to employ tools or platforms capable of swiftly gathering and thoroughly analyzing large volumes of certificates, including, but not limited to, web domains across defined geographic regions, countries, or pertaining to specific application domains. We introduce DigitalCertiAnalytics, a tool for collecting and analyzing X.509v3 certificates used in the Web PKI. DigitalCertiAnalytics incorporates software tools that may carry out partial analyses, such as Zgrab2 for certificate collection, Zlint for certificate format validation, and SSLyze for certificate chain verification. We validated the proposed tool by examining over 10 million web domains in two lists, containing the most visited web domains in different geographical regions. DigitalCertiAnalytics is accurate, flexible, and fast, making it a useful tool for attack prevention, where early detection of invalid, malformed, or erroneous certificates helps to identify attacks in the early stage.
An Automatic Large-scale Tool for X.509v3 Certificate Collection and Analysis / Berbecaru, D., Lioy, A., Anuar Elio, M.. - ELETTRONICO. - (2026), pp. 1-6. (IEEE International Conference on Communications (IEEE ICC) 2026 Glasgow, Scotland (UK) 24 - 28 May 2026) [10.1109/ICC59461.2026.11587700].
An Automatic Large-scale Tool for X.509v3 Certificate Collection and Analysis
Berbecaru, Diana;Antonio, Lioy;
2026
Abstract
Since its introduction in the 1970s, public key cryptography has undergone many changes and updates to meet security, usability, and efficiency. Public-key certificates are important to create trust in the public keys, but they can also be exploited as attack vectors in cyberattacks. To effectively combat the threats associated with the Web Public Key Infrastructure (PKI), it is essential to employ tools or platforms capable of swiftly gathering and thoroughly analyzing large volumes of certificates, including, but not limited to, web domains across defined geographic regions, countries, or pertaining to specific application domains. We introduce DigitalCertiAnalytics, a tool for collecting and analyzing X.509v3 certificates used in the Web PKI. DigitalCertiAnalytics incorporates software tools that may carry out partial analyses, such as Zgrab2 for certificate collection, Zlint for certificate format validation, and SSLyze for certificate chain verification. We validated the proposed tool by examining over 10 million web domains in two lists, containing the most visited web domains in different geographical regions. DigitalCertiAnalytics is accurate, flexible, and fast, making it a useful tool for attack prevention, where early detection of invalid, malformed, or erroneous certificates helps to identify attacks in the early stage.| File | Dimensione | Formato | |
|---|---|---|---|
|
Paper_DigitalCertAnalytics_ICC_v1.pdf
accesso aperto
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
Pubblico - Tutti i diritti riservati
Dimensione
305.47 kB
Formato
Adobe PDF
|
305.47 kB | Adobe PDF | Visualizza/Apri |
|
An_Automatic_Large-scale_Tool_for_X.509v3_Certificate_Collection_and_Analysis.pdf
accesso riservato
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Non Pubblico - Accesso privato/ristretto
Dimensione
1.03 MB
Formato
Adobe PDF
|
1.03 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/3006955
