28 Feb

Our New Certificate Dashboard

by Ivan Ristić

Our old certificate dashboard has served us well, but we've now released a brand-new, updated certificate dashboard. Our new dashboard for certificate monitoring has been designed to show you, at a glance, the key parameters of your certificate inventory.

In addition to making the charts pretty, we made them clickable, so that you can see exactly which certificates belong to which section. (The screenshot shows only the charts, but our entire certificate dashboard page contains the list of certificates and provides a way to filter based on desired criteria.) We also included a lot of detail in the on-hover help text (the little question marks) that explains how exactly we've arrived at the shown statistics.

A lot of backend work went into correctly classifying certificates. For example, mapping certificate issuers (intermediate CAs) to Certification Authorities is not straightforward. For this purpose, we use the information provided by the Common CA Database project, which is operated by Mozilla.

In the past, determining certificate validation type involved a lot of guesswork and various heuristics, but things are much easier now because most certificates include special OIDs that indicate the validation efforts involved. Accurately indicating EV certificates requires special work, because there is no single OID used by everyone. Instead, each CA may have one or more of their own OIDs, which you need to know ahead of time. We extracted all the necessary OIDs by directly examining the major root stores.
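The OID-based classification described above, as an added example that is not Hardenize's code: it decodes a DER `certificatePolicies` extension value and maps the policy OIDs to a validation type. The function names, the constructed sample bytes and the two-entry `EV_OIDS_SAMPLE` set are assumptions; a real EV list has to be compiled from the root stores, as the post describes.

```python
CABF_POLICIES = {"2.23.140.1.2.1": "DV", "2.23.140.1.2.2": "OV", "2.23.140.1.2.3": "IV"}
# Assumed sample only: the CA/Browser Forum EV OID and DigiCert's own EV OID.
EV_OIDS_SAMPLE = frozenset({"2.23.140.1.1", "2.16.840.1.114412.2.1"})
# Constructed DER extension values (SEQUENCE OF PolicyInformation).
DV_SAMPLE = bytes.fromhex("300a3008060667810c010201")
EV_SAMPLE = bytes.fromhex("3016300b06096086480186fd6c02013007060567810c0101")

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):  # OID content bytes (base-128 arcs) -> dotted string
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for byte in value:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one encoded value
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def policy_oids(ext_value):
    """List the policyIdentifier OIDs in a certificatePolicies value."""
    tag, seq, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("expected exactly one outer SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, info, pos = read_tlv(seq, pos)
        oid_tag, oid_value, _ = read_tlv(info, 0)  # qualifiers, if any, follow
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed PolicyInformation")
        oids.append(decode_oid(oid_value))
    return oids

def validation_type(ext_value, ev_oids=EV_OIDS_SAMPLE):
    """Return EV, OV, IV, DV or unknown; the strongest matching type wins."""
    found = {"EV" if o in ev_oids else CABF_POLICIES.get(o)
             for o in policy_oids(ext_value)}
    return next((t for t in ("EV", "OV", "IV", "DV") if t in found), "unknown")
```

A policy OID is only the issuer's own assertion. Root programs tie each EV OID to specific roots, so a complete EV check also confirms that the chain ends at a root for which that OID is listed.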