TLS Certificate Audit
TLS Certificate Audit Intelligence
This page describes the TLS Certificate Audit indicator drivers included in Netify's Intelligence engine: what each driver checks in the server certificate presented during a TLS handshake, the tag it emits, and the default risk score attached to that tag.
Overview
The TLS certificate drivers audit the server certificate exchanged in each TLS handshake observed on the network, independently of whether the client validated it. Together they detect four conditions: a certificate that has expired, a certificate whose names do not match the server name the client asked for, a self-signed certificate, and a certificate whose validity period is longer than current standards allow. Each condition is a common sign of neglected infrastructure or misconfiguration and, in the worst case, of an interception attempt that would otherwise stay hidden inside encrypted traffic. Because every check runs on the certificate bytes actually seen on the wire, a finding is tied to a specific flow, destination and time of observation rather than to a scheduled scan.
Risk Score Scale
Each driver emits a tag with a default score on the following scale:
| Score | Description |
|---|---|
| 0 | Informational |
| 1-25 | Low Risk |
| 26-50 | Medium Risk |
| 51-75 | High Risk |
| 76-100 | Critical Risk |
Indicator Drivers
TLS Certificate Expired Driver
The TLS Expired Certificate indicator driver identifies connections where the presented certificate's notAfter date has already passed at the time the handshake was observed (expiry is judged against the time of the flow, not the time the report is read). A client performing standard validation rejects such a certificate, so a connection that proceeds anyway means the client skipped validation or a user clicked through a warning. The lapse also means the server's identity has not been re-verified by its Certificate Authority since issuance, which usually points to neglected infrastructure or a failed renewal rather than an attack.
| Tag | Default Score |
|---|---|
| tls_cert_expired | 70 - High Risk |
TLS Certificate Mismatch Driver
The TLS Certificate Mismatch indicator driver identifies instances where the server name requested by the client (the SNI value in the ClientHello) does not match any identity listed in the certificate's Subject Alternative Name (SAN) extension. A mismatch can indicate a man-in-the-middle attack, in which a valid certificate issued for one site is presented to impersonate a different one. It is also produced by ordinary misconfiguration: a shared-hosting or CDN default certificate, a certificate not reissued after a rename, or a wildcard that covers only one label (*.example.com matches api.example.com but not example.com). Correlate the tag with the certificate's issuer and the destination before treating it as an attack.
| Tag | Default Score |
|---|---|
| tls_cert_mismatch | 80 - Critical Risk |
TLS Certificate Self-signed Driver
The TLS Self-Signed Certificate indicator driver detects certificates that are signed with their own key rather than by a Certificate Authority (CA): the issuer and subject are the same entity, and no third party vouches for the identity. A client that accepts such a certificate has no cryptographic basis for confirming the server's identity, and an attacker performing a Man-in-the-Middle (MITM) attack can present a self-signed certificate of their own just as easily. A certificate issued by a private, internal CA is a different case: public clients will not trust it either, but it is not self-signed. Self-signed certificates are routine on internal appliances, test systems and IoT devices, so the tag is most significant when it appears on a connection to an external or production service.
| Tag | Default Score |
|---|---|
| tls_cert_self_signed | 80 - Critical Risk |
TLS Certificate Lifespan Driver
The TLS Lifespan Validity indicator driver monitors for certificates whose validity period (notBefore to notAfter) exceeds the maximum that current standards allow; publicly trusted CAs have been limited to 398 days for leaf certificates since September 2020. A certificate issued today with a longer period therefore did not come from a publicly trusted CA and usually belongs to a private CA or is self-issued. Such evergreen certificates carry exactly the risks that short lifetimes were introduced to reduce: a compromised private key remains usable for years, revocation checking is unreliable, and the certificate is slow to pick up stronger keys and algorithms.
| Tag | Default Score |
|---|---|
| tls_cert_validity_too_long | 30 - Medium Risk |
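The following is an added example, not Netify's own driver code, showing how the four checks above (expired, mismatch, self-signed, validity too long) can be applied to a parsed X.509 certificate with Go's standard library. The certificates it audits are constructed in the program itself (a private CA, a 90-day leaf it issued, a wildcard leaf, and a five-year self-signed appliance certificate), the 398-day threshold is an assumption since the page does not state the driver's value, and the tag names and scores are taken from the tables above.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Finding is one indicator tag with the default score from the tables above.
type Finding struct {
	Tag   string
	Score int
}

// maxLeafValidity is an assumed threshold (the CA/Browser Forum limit of 398
// days for publicly trusted leaf certificates); the page does not state the
// value the Netify driver uses.
const maxLeafValidity = 398 * 24 * time.Hour

// AuditCert applies the four checks to a parsed leaf certificate. sni is the
// server name the client requested; seen is when the handshake was observed,
// so a flow captured last year is judged against last year's clock.
func AuditCert(cert *x509.Certificate, sni string, seen time.Time) []Finding {
	var out []Finding
	if seen.After(cert.NotAfter) {
		out = append(out, Finding{"tls_cert_expired", 70})
	}
	// VerifyHostname matches SAN dNSName entries, including the single-label
	// wildcard rule: *.example.com covers api.example.com but not example.com.
	if sni != "" && cert.VerifyHostname(sni) != nil {
		out = append(out, Finding{"tls_cert_mismatch", 80})
	}
	// Self-signed: issuer equals subject and the signature verifies under the
	// certificate's own key. A leaf from a private CA fails both tests and is
	// not tagged here, even though public clients would not trust it either.
	selfSig := cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
	if bytes.Equal(cert.RawIssuer, cert.RawSubject) && selfSig == nil {
		out = append(out, Finding{"tls_cert_self_signed", 80})
	}
	if cert.NotAfter.Sub(cert.NotBefore) > maxLeafValidity {
		out = append(out, Finding{"tls_cert_validity_too_long", 30})
	}
	return out
}

// Has reports whether a tag is present in a set of findings.
func Has(findings []Finding, tag string) bool {
	for _, f := range findings {
		if f.Tag == tag {
			return true
		}
	}
	return false
}

var serial int64

// issue builds a constructed sample certificate. With parent nil the
// certificate signs itself; otherwise it is issued by parent/parentKey.
func issue(cn string, dns []string, from time.Time, days int, isCA bool, key *ecdsa.PrivateKey, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              dns,
		NotBefore:             from,
		NotAfter:              from.Add(time.Duration(days) * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signer := key
	if parent == nil {
		parent = tmpl
	} else {
		signer = parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Scenarios audits the constructed certificates and returns findings per case.
func Scenarios() map[string][]Finding {
	base := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	day := 24 * time.Hour
	caKey := newKey()
	ca := issue("Example Private CA", nil, base, 3650, true, caKey, nil, nil)
	leaf := issue("www.example.com", []string{"www.example.com"}, base, 90, false, newKey(), ca, caKey)
	wild := issue("*.example.com", []string{"*.example.com"}, base, 90, false, newKey(), ca, caKey)
	appliance := issue("fw01.internal", []string{"fw01.internal"}, base, 5*365, false, newKey(), nil, nil)
	return map[string][]Finding{
		"leaf_fresh":   AuditCert(leaf, "www.example.com", base.Add(30*day)),
		"leaf_expired": AuditCert(leaf, "www.example.com", base.Add(100*day)),
		"wild_ok":      AuditCert(wild, "api.example.com", base.Add(day)),
		"wild_bare":    AuditCert(wild, "example.com", base.Add(day)),
		"appliance":    AuditCert(appliance, "www.example.com", base.Add(day)),
	}
}

func main() {
	for name, findings := range Scenarios() {
		fmt.Printf("%-13s %v\n", name, findings)
	}
}
```

The self-signed test deliberately requires both issuer == subject and a signature that verifies under the certificate's own key; comparing names alone would also tag a certificate whose issuer name merely happens to equal its subject, and the CA-issued leaf shows that a private-CA certificate is not reported by this driver even though a browser would reject it. The expiry check takes the observation time as a parameter for the reason given in the driver description: a flow seen last year must be judged against the clock of that handshake.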