Public certificate hostnames

seiji · March 3, 2020, 4:10pm

I think there is a small problem with the list.

You unintentionally exposed a whole lot of subdomains. For example (<number of subdomains> <domain>)

35581 keenetic.io
26693 hybris.com (idk what is it but it redirects to sap.com so ...)
18931 mongodb.net
2070 synology.me

Another bad thing you exposed are some phpmyadmin subdomains which where surely supposed to be hidden from public like phpmyadmin89g7dioj3k4sd.example.com.

I guess you should remove caa-rechecking-incident-affected-serials.txt.gz from public access asap and notify at least the above mentioned parties on the leak.

9peppe · March 3, 2020, 4:12pm

You know... they where public already.

jsha · March 3, 2020, 4:37pm

Thanks for the report @seiji! As @9peppe says, we log all hostnames in public Certificate Transparency logs, as all CAs are required to to be trusted in Chrome. Even though the hostnames you mentioned are long and random, they are not intended to be secret - they are intended to avoid collisions. Still, I appreciate you noticing and informing us.

system · April 2, 2020, 4:37pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Too many certificates (10) already issued Help	8	1052	March 5, 2022
Opt-out of Certificate Transparency Feature Requests	4	3669	April 28, 2018
Certificate Transparency Search Resources Issuance Tech	9	2058	September 13, 2023
SERVFAIL Looking up CAA Help	2	457	November 26, 2020
Please help me out to get CA certificate Help	3	958	February 18, 2018

Public certificate hostnames

Related topics