How to find out who had SSL installed on server


#1

An SSL certificate has been installed for my account. How do you find out who installed it?


#2

Hi,

Please ask your hosting provider… We (at least me) have no idea who you are, what hosting you are using and how it is applied.

The best guess, you are using a cPanel based hosting and has autossl enabled, which used let’s encrypt to automatically install certificates.

Thank you


#3

Thanks Steven, apparently my site was hacked and the certificate installed without my knowing. Hosting company will be removing it.


#4

Then check, if there is a public key pinning with this certificate.

Google removed the PKP-code, but older FireFox may block the page.

And check, if there is a HSTS - header set:


#5

It seems somewhat perplexing that someone who hacked your site would install a certificate on your server; at least, I don’t see what the benefit of that is to the attacker.

Feel free to take a look at this recent thread where someone else has made a pretty similar claim:

(In that thread I talked about the possibility that the certificate might have been created by automated tools that were part of the hosting environment, rather than by someone hacking into the server.)


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.