© 2024 Halo Security

Certificates

Identify TLS certificates that are in use and any data associated with them.


Last updated 3 months ago


The Certificates section is designed to help you monitor certificates, TLS protocol versions, and cipher suites across your external assets.

Use Cases

  • Identify certificates that expire soon or have already expired. These should be updated as soon as possible. Sites using expired certificates may be susceptible to man-in-the-middle attacks, in which an attacker may be able to intercept traffic from users of the site.

  • Identify deprecated TLS protocol versions and bad ciphers containing known vulnerabilities. These may affect the security of your website, ranging from Denial of Service attacks to decryption/compromise of traffic.

  • Identify connected hosts. By extracting fields from the certificate, such as the Common Name and Subject Alternative Name, you can discover other related hostnames.

Detection

The website scan attempts to establish a TLS connection to open ports and extract the X.509 certificate along with the negotiated protocols and ciphers.

Risk

Risk is assigned to each certificate based on several factors including expiration date/expiration status of certificates, deprecated TLS versions, and known weak or bad cipher suites.

  • High (● Red): Non-valid or expired certificate, or certificate uses high-risk ciphers.

  • Medium (● Yellow): Certificate supports weak ciphers.

  • Low (● Green): No significant risks are associated with the certificate.

Certificates rated High or Medium risk will create issues.

We recommend fixing any High-risk issues immediately and reviewing Medium-risk issues to decide whether they are an acceptable risk.

Extensions

  • Valid

    • ● Green: The certificate is valid.

    • ● Red: The certificate is not valid.

  • Not Expired

    • ● Green: The certificate is not currently expired.

    • ● Red: The certificate has expired.

  • Host Match

    • ● Green: The hostname of the target appears in its certificate's Common Name or Alternate Names.

    • ● Red: The hostname of the target does not appear on its certificate's Common Name or Alternate Names.

  • Ciphers: The rating of the highest risk cipher used by the certificate. Ciphers are individually rated for:

    • ● Green: Low-risk cipher with no known vulnerabilities.

    • ● Yellow: Medium-risk cipher with weaker encryption standards.

    • ● Red: High-risk cipher associated with known vulnerabilities.
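
The checks above can be reproduced offline on data a TLS client has already collected. The following is an added example, not Halo Security's code: the cipher tiers, the function names and the `chain_valid` input are assumptions made for illustration, and the certificate is a constructed sample.

```python
import ssl

# Assumption: illustrative cipher tiers by OpenSSL/IANA name fragment, not the platform's rule set.
HIGH_RISK = ("RC4", "NULL", "EXP-", "EXPORT")
WEAK = ("3DES", "DES-CBC3")

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "notAfter": "Jun  1 12:00:00 2025 GMT",
}

def cert_hostnames(cert):
    """Hostnames from the Common Name and DNS Subject Alternative Names."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names += [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return sorted(set(names))

def host_matches(target, names):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    host = target.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    return any(n.lower() == host or (n.startswith("*.") and n[2:].lower() == parent)
               for n in names)

def cipher_rating(cipher):
    name = cipher.upper()
    if any(m in name for m in HIGH_RISK):
        return "red"
    return "yellow" if any(m in name for m in WEAK) else "green"

def assess(target, cert, cipher, chain_valid, now):
    """Rate one observation; chain_valid is the caller's trust-chain result, now is epoch seconds."""
    checks = {
        "valid": "green" if chain_valid else "red",
        "not_expired": "green" if now < ssl.cert_time_to_seconds(cert["notAfter"]) else "red",
        "host_match": "green" if host_matches(target, cert_hostnames(cert)) else "red",
        "ciphers": cipher_rating(cipher),
    }
    # Tiers follow the page's Risk list literally; Host Match is reported but not part of the tier.
    if "red" in (checks["valid"], checks["not_expired"], checks["ciphers"]):
        risk = "High"
    else:
        risk = "Medium" if checks["ciphers"] == "yellow" else "Low"
    return {"risk": risk, "checks": checks, "hostnames": cert_hostnames(cert)}

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")
    print(assess("www.example.com", SAMPLE_CERT, "DES-CBC3-SHA", True, now))
```

The `hostnames` field of the result is the same Common Name and Subject Alternative Name extraction that the connected-hosts use case relies on.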

Pages

You can easily navigate through the Certificates section to audit the certificates across your attack surface.

Certificate extensions are individually rated as well and can be viewed on the summary page and within the certificate detail view.

  • Overview: Displays an overview of risk, geographical data, certificate validity, versions, and issuing authorities.

  • Summary: Lists all targets and summarizes the risk status of each certificate.

  • List: Lists all targets with details on the certificate's issuer, country, and hostname.

  • Calendar: Displays a calendar view of when certificates expire.

  • Ciphers: Lists all ciphers and TLS protocol versions and the corresponding targets.

  • Hosts: Lists the hostnames that were found in the certificates' Common Name and Subject Alt Names.

  • Changes: Displays the changes found between different scans.