2023-09-23 16:18:35Z
Did you know that when you get a certificate for HTTPS use from a certificate issuer (e.g. Let's Encrypt, Cloudflare, etc.), the issuance is logged?
Welcome to Certificate Transparency. You can even search for certificates! Hope you didn't request a certificate with nasty/sensitive subdomain names or malicious (impersonating) domains, because the domains on issued certificates are definitely public.
Certificate Transparency on Wikipedia
Certificate searching through Certificate Transparency logs
List of certificates issued for jacksonchen666.com
So how do you search the certificate logs?
Well, I haven't found a way to directly pull the CT logs (yet). But there is something which provides searching: crt.sh. It provides domain search, and search on pretty much every other attribute of a certificate.
So, subdomains. How?
Well, you need a target. How about my domain? It has a bit of an interesting history with subdomains like:
https://this.is.the.least.exciting.thing.ever.on.jacksonchen666.com
posts.jacksonchen666.com
https://matrix.jacksonchen666.com
https://chat.jacksonchen666.com
https://videos.jacksonchen666.com
server.jacksonchen666.com
api.billwurtz-search.jacksonchen666.com
billwurtz-search.jacksonchen666.com
https://status.jacksonchen666.com
foobar.jacksonchen666.com
https://microblogging.jacksonchen666.com
redesign.jacksonchen666.com
These days though, I have much less interesting domains in my certificates because I use wildcard certificates, which don't show the specific domains they were issued for, so you can't see them nowadays.
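To check what your own certificates have made public, here is an added example (not part of the original post) that summarises CT search results for a domain you control and shows which names a wildcard certificate could have kept out of the logs. It assumes records shaped like crt.sh's JSON output with `name_value` and `not_before` fields; the sample records and `example.org` are constructed.

```python
import json

# Constructed sample shaped like crt.sh's JSON output (assumed fields:
# "name_value" = newline-separated names on the cert, "not_before" = ISO date).
SAMPLE = json.dumps([
    {"not_before": "2022-03-01T00:00:00", "name_value": "posts.example.org\nexample.org"},
    {"not_before": "2022-05-10T00:00:00", "name_value": "status.example.org"},
    {"not_before": "2022-05-11T00:00:00", "name_value": "STATUS.example.org."},
    {"not_before": "2023-08-01T00:00:00", "name_value": "*.example.org\nexample.org"},
    {"not_before": "2023-09-01T00:00:00", "name_value": "api.search.example.org"},
    {"not_before": "2023-09-02T00:00:00", "name_value": "notexample.org"},
])

def audit_ct_exposure(raw_json, apex):
    """Return (explicit, wildcards): name -> earliest not_before, for names under apex."""
    apex = apex.lower().rstrip(".")
    first_seen = {}
    for rec in json.loads(raw_json):
        for name in rec["name_value"].splitlines():
            name = name.strip().lower().rstrip(".")
            if name != apex and not name.endswith("." + apex):
                continue  # outside the audited domain (e.g. notexample.org)
            if name not in first_seen or rec["not_before"] < first_seen[name]:
                first_seen[name] = rec["not_before"]
    explicit = {n: d for n, d in first_seen.items() if not n.startswith("*.")}
    wildcards = {n: d for n, d in first_seen.items() if n.startswith("*.")}
    return explicit, wildcards

def covered_by_wildcard(name, wildcards):
    """A wildcard matches exactly one leftmost label, so check only the direct parent."""
    _, _, parent = name.partition(".")
    return "*." + parent in wildcards

if __name__ == "__main__":
    explicit, wildcards = audit_ct_exposure(SAMPLE, "example.org")
    for name, seen in sorted(explicit.items()):
        note = "wildcard could cover it" if covered_by_wildcard(name, wildcards) else "needs its own cert"
        print(f"{seen[:10]}  {name:<26} {note}")
```

Names that were logged before the switch to a wildcard stay in the logs, and a name more than one label deep (like `api.search.example.org` here) is not covered by `*.example.org`, so it still ends up on a certificate of its own.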