[tor-bugs] #33602 [Internal Services/Services Admin Team]: monitor certificate transparency log

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Mar 12 19:36:29 UTC 2020


#33602: monitor certificate transparency log
-------------------------------------------------+-------------------------
     Reporter:  anarcat                          |      Owner:  (none)
         Type:  task                             |     Status:  new
     Priority:  Low                              |  Milestone:
    Component:  Internal Services/Services       |    Version:
  Admin Team                                     |
     Severity:  Major                            |   Keywords:
Actual Points:                                   |  Parent ID:
       Points:                                   |   Reviewer:
      Sponsor:                                   |
-------------------------------------------------+-------------------------
 we should use something like SSLMate.com or certspotter to monitor
 certificates issued in our place.

 https://github.com/SSLMate/certspotter

 this could be run on nevii, nagios or pauli. it's unclear what we should
 do with the output, there will possibly be lots of false positives, as
 the certificates will appear in our logs every time one of our certs is
 (legitimately) renewed.

 it's a debian package since buster. i ran a test locally, and it's
 basically:

 {{{
 sed 's/ /\n/g;/^#/d;/^ *$/d' letsencryt-domains/domains  | sort |
 certspotter -watchlist -
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33602>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
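
One way to handle the false-positive concern raised in the ticket, as an added example that is not part of the original ticket or of certspotter: build the watchlist, then drop reported certificates whose fingerprint matches one we requested ourselves. The function names, the file formats and the known-fingerprint list are assumptions; the monitor's real output would have to be mapped to the "fingerprint name" lines used here.

```shell
#!/bin/sh
# Added example, not from the ticket. Assumed (hypothetical) formats:
#   domains file : whitespace-separated names, "#" starts a comment
#   known file   : one SHA-256 fingerprint per line, for certs we requested
#   stdin        : "<sha256-fingerprint> <dns-name>" per cert the CT monitor reports

# Print the watchlist: one name per line, comments and blanks dropped, deduplicated.
build_watchlist() {
    sed 's/#.*//' "$1" | tr -s ' \t' '\n\n' | sed '/^$/d' | sort -u
}

# Print only the reported certs whose fingerprint is not in the known file.
# Fingerprints are compared case-insensitively and with colons removed.
# A missing or empty known file flags every cert (fail closed).
unexpected_certs() {
    awk -v known="$1" '
        function norm(fp) { gsub(/[: \t\r]/, "", fp); return tolower(fp) }
        BEGIN {
            while ((getline line < known) > 0)
                if (line != "") seen[norm(line)] = 1
        }
        NF && !(norm($1) in seen) { print "UNEXPECTED " $0 }
    '
}

# Constructed sample run: names and fingerprints below are made up.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# web hosts' 'example.org www.example.org' '' 'example.org' \
        > "$d/domains"
    printf '%s\n' \
        '1111111111111111111111111111111111111111111111111111111111111111' \
        > "$d/known"
    echo "watchlist:"
    build_watchlist "$d/domains"
    echo "triage:"
    printf '%s\n' \
        '1111111111111111111111111111111111111111111111111111111111111111 example.org' \
        '2222222222222222222222222222222222222222222222222222222222222222 www.example.org' \
        | unexpected_certs "$d/known"
    rm -rf "$d"
}

# Run the demo only when invoked as: sh script.sh demo
[ "${1:-}" != demo ] || demo
```

The known-fingerprint list only suppresses renewals if it is updated by the same process that requests the certificates, before the monitor runs.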

