💾 Archived View for jacksonchen666.com › posts › 2023-09-23 › 16-18-35 › index.gmi captured on 2023-09-28 at 15:47:08. Gemini links have been rewritten to link to archived content

View Raw

More Information

➡️ Next capture (2023-11-04)

-=-=-=-=-=-=-

Finding Subdomains With Certificate Transparency Logs

2023-09-23T16:18:35Z

Did you know that when you get a certificate for HTTPS use from certificate issuers (e.g. Let's encrypt, Cloudflare, etc.), the certificate issuing is logged?

Welcome to Certificate Transparency. You can even search for certificates! Hope you didn't request for a certificate with nasty/sensitive subdomains names or malicious (impersonating) domains because the domains for issued certificates are definitely public.

Certificate Transparency on Wikipedia

Certificate searching through Certificate Transparency logs

List of certificates issued for jacksonchen666.com

So how do you search the certificate logs?

Well, I haven't found a way to directly pull the CT logs (yet). But there is something which provides searching: crt.sh. It provides domain search, or any other kinds of search on pretty much all attributes for a certificate.

So, subdomains. How?

Well, you need a target. How about my domain? It has a bit of an interesting history with subdomains like:

https://this.is.the.least.exciting.thing.ever.on.jacksonchen666.com

posts.jacksonchen666.com

https://matrix.jacksonchen666.com

https://chat.jacksonchen666.com

https://videos.jacksonchen666.com

server.jacksonchen666.com

api.billwurtz-search.jacksonchen666.com

billwurtz-search.jacksonchen666.com

https://status.jacksonchen666.com

foobar.jacksonchen666.com

https://microblogging.jacksonchen666.com

redesign.jacksonchen666.com

These days though, I have much less interesting domains in my certificates because I use wildcard certificates, which doesn't show the specific domains issued so you can't see them nowadays.

public inbox (comments and discussions)

public inbox archives

(mailing list etiquette for public inbox)