TLS Certificate Audit

This page provides information on the TLS Certificate Audit in Netify's Network Intelligence Engine. To learn more about our full suite of intelligence drivers, see our intelligence capabilities page.

Risk Overview

Our suite of TLS certificate drivers provides a comprehensive defense-in-depth strategy by rigorously auditing the technical integrity of every encrypted connection on the network. By simultaneously detecting expired certificates, hostname mismatches, self-signed signatures, and excessive validity periods, these drivers eliminate the primary blind spots associated with outdated or fraudulent encryption.
Indicator Drivers

TLS Certificate Expired Driver

The TLS Expired Certificate indicator driver identifies connections where a certificate has passed its predefined expiration date, rendering it technically and legally invalid. This lapse indicates that the server's identity has not been recently re-verified by a trusted Certificate Authority, often a sign of neglected infrastructure or outdated security standards.

TLS Certificate Expired
Tag: tls_cert_expired
Score: High Risk - 70
Version: 1.2.0

TLS Certificate Mismatch Driver

The TLS Certificate Mismatch indicator driver identifies instances where the domain name requested by the client does not align with the identities listed in the certificate's Subject Alternative Name (SAN) field. This discrepancy serves as a critical indicator of a man-in-the-middle attack, signaling that a valid certificate issued by one entity may be repurposed to impersonate a completely different site.

TLS Certificate Mismatch
Tag: tls_cert_mismatch
Score: Critical Risk - 80
Version: 1.2.0

TLS Certificate Self-signed Driver

The TLS Self-Signed Certificate indicator driver detects certificates that lack independent validation from a trusted Certificate Authority (CA). Because these certificates are signed by the server itself rather than a verified third party, clients cannot cryptographically confirm the server’s true identity. This lack of verification creates a critical vulnerability, as an attacker can easily present their own self-signed certificate during a Man-in-the-Middle (MITM) attack.

TLS Certificate Self-signed
Tag: tls_cert_self_signed
Score: Critical Risk - 80
Version: 1.2.0

TLS Certificate Lifespan Driver

The TLS Lifespan Validity indicator driver monitors for certificates that exceed the maximum lifespan mandated by modern security standards. By identifying these evergreen certificates, the driver highlights relics of poor security practices that are susceptible to long-term compromise and slower to adopt modern encryption.

TLS Certificate Lifespan
Tag: tls_cert_validity_too_long
Score: Medium Risk - 30
Version: 1.2.0
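As an added illustration of the four checks above (this is example code, not Netify's driver implementation), the following Python applies the expired, SAN mismatch, self-signed and excessive-lifespan tests to an already-parsed certificate and returns the tags and scores listed on this page. The lifespan threshold is an assumption, since the page does not state the value Netify uses, and the sample certificate is constructed.

```python
from datetime import datetime, timedelta, timezone

# Tags and scores as listed on this page.
INDICATORS = {"tls_cert_expired": 70, "tls_cert_mismatch": 80,
              "tls_cert_self_signed": 80, "tls_cert_validity_too_long": 30}
# ASSUMPTION: the page does not state the lifespan threshold Netify uses;
# 398 days is the CA/Browser Forum maximum for publicly trusted certificates.
MAX_VALIDITY_DAYS = 398

def san_matches(requested_host, san_dns_names):
    """RFC 6125-style check: exact match, or a single-label wildcard in the leftmost position."""
    host = requested_host.lower().rstrip(".")
    for name in san_dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        # "*.example.com" matches "www.example.com" but not "a.b.example.com" or "example.com"
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def audit_certificate(cert, requested_host, now):
    """Return {tag: score} for every indicator that fires on a parsed certificate."""
    hits = {}
    if now > cert["not_after"]:
        hits["tls_cert_expired"] = INDICATORS["tls_cert_expired"]
    if not san_matches(requested_host, cert["san_dns"]):
        hits["tls_cert_mismatch"] = INDICATORS["tls_cert_mismatch"]
    # Self-signed heuristic: issuer equals subject. A full check would also verify
    # the signature against the certificate's own public key.
    if cert["issuer"] == cert["subject"]:
        hits["tls_cert_self_signed"] = INDICATORS["tls_cert_self_signed"]
    if cert["not_after"] - cert["not_before"] > timedelta(days=MAX_VALIDITY_DAYS):
        hits["tls_cert_validity_too_long"] = INDICATORS["tls_cert_validity_too_long"]
    return hits

# Constructed sample: self-signed, five-year validity, already expired, and
# not issued for the name the client asked for.
SAMPLE_CERT = {
    "subject": "CN=intranet.example.internal",
    "issuer": "CN=intranet.example.internal",
    "not_before": datetime(2019, 1, 1, tzinfo=timezone.utc),
    "not_after": datetime(2024, 1, 1, tzinfo=timezone.utc),
    "san_dns": ["intranet.example.internal", "*.example.internal"],
}
SAMPLE_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # constructed observation time

if __name__ == "__main__":
    print(audit_certificate(SAMPLE_CERT, "portal.example.com", SAMPLE_NOW))
```

Running it against the sample fires all four indicators; asking for a name covered by the wildcard SAN drops only the mismatch tag, which is a useful way to confirm that a hostname alert is a SAN problem rather than a clock or issuer problem.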