search

adamdecaf / cert-manage

WIP x509 Certificate auditing CLI
Apache License 2.0
32 stars 6 forks source link

whitelist/gen: better grouping of CA certificates and chains #124

Closed adamdecaf closed 6 years ago

adamdecaf commented 6 years ago

I ran generations over my browser history and found a lot of intermediate certs. The grouping could be a bit better I bet. 

$ ./cert-manage gen-whitelist -from chrome -out wh.json
CA                                                      DNSName Count    Example DNSNames
DigiCert Inc                                            4ffec029b6ffbe9d 740 statuspage.io, 3down.mit.edu, ac.sterda.com, adltrust.kinnser.com, amtrust.kinnser.com
Google Inc                                              bc98a2682670e92a 68  *.google.com, *.android.com, *.appengine.google.com, *.cloud.google.com, *.db833953.google.cn
GoDaddy.com, Inc., http://certs.godaddy.com/repository/ ffaf6affa8c3362c 67  sni194015.cloudflaressl.com, *.bikelights.info, *.bosen.info, *.careerdev.info, *.cbcat.ru
GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 7974ebe3fc476e08 8   emacs.org, gnu.org, hurd.gnu.org, www.freesoftware.fsf.org, www.gnu.org
Symantec Corporation, Symantec Trust Network            3e203bc509a032cc 6   freecampsites.net, intergalacticdata.com, intergalacticdata.net, rvdumpsites.com, rvdumpsites.net
Let's Encrypt                                           7c6249926f62b3ea 4   *.jackhenry.com, jackhenry.com, jhaextadfs.jackhenry.com, esdadfs.jackhenry.com
thawte, Inc.                                            cdfd2bdc576fed2e 3   asciinema.org, staging.asciinema.org, www.asciinema.org
Symantec Corporation, Symantec Trust Network            b5d004b2da8b77f9 3   www.starbucks.com, globalassetshost.starbucks.com, starbucks.com
$ ./cert-manage gen-whitelist -from firefox -out wh.json
CA                                                                       DNSName Count    Example DNSNames
DigiCert Inc, www.digicert.com                                           8a43602dc67d8c59 740 statuspage.io, 3down.mit.edu, ac.sterda.com, adltrust.kinnser.com, amtrust.kinnser.com
DigiCert Inc, www.digicert.com                                           2fe3a029a23d5e6d 566 ssl001.insnw.net, *.adage.com, *.aovstats.com, *.apw21.com, *.apwcontent.com
DigiCert Inc, www.digicert.com                                           2fe3a029a23d5e6d 343 gannett.com, usatoday.com, *.usatoday.com, alamogordonews.com, *.alamogordonews.com
Google Inc                                                               211072c114b98add 336 misc.google.com, *.actions.google.com, *.adgoogle.net, *.admeld.com, *.advertiserscommunity.com
Google Trust Services                                                    8689a0f6f2606db8 233 *.dev.volcanic.uk, *.production.volcanic.uk, *.staging.volcanic.uk, ap.talentinternational.com, app.pointjobs.co.uk
DigiCert Inc                                                             52a64ba469b0bfb6 163 misc-sni.blogspot.com, *.au.daily.alpha.blogspot.com, *.au.gaia.alpha.blogspot.com, *.au.prod.alpha.blogspot.com, *.au.weekly.alpha.blogspot.com
DigiCert Inc                                                             ba000b8e9b1a7491 159 misc-sni.google.com, *.1ucrs.com, *.abc.xyz, *.adsensecustomsearchads.com, *.ampproject.com
DigiCert Inc, www.digicert.com                                           25fe3932d9638c8a 147 k.ssl.fastly.net, *.bitconveyor.com, *.businessinsider.de, *.cache.pointinside.com, *.cargurus.com
DigiCert Inc, www.digicert.com                                           74f6291c89352c39 146 ns-vip-02.sys.kth.se, intra.abe.kth.se, intra.bio.kth.se, intra.che.kth.se, intra.csc.kth.se
DigiCert Inc, www.digicert.com                                           334105950462aeab 144 i.ssl.fastly.net, *.am-autoparts.com, *.am-autopartsqa.com, *.i.ssl.fastly.net, *.s.tmol.io
Let's Encrypt                                                            d8a3987029382fe8 144 incapsula.com, *.acc.co.id, *.adpost.com, *.amwaynet.com.tw, *.asiaforgood.com
COMODO CA Limited                                                        993f509faf2d0504 143 f4.shared.global.fastly.net, *.500px.com, *.500px.net, *.500px.org, *.acceptance.habitat.sh
Let's Encrypt                                                            47bc22f69a2e5701 133 e2.shared.global.fastly.net, *.alpagot.net, *.be-me.co, *.beme.com, *.bridestory.com
DigiCert Inc, www.digicert.com                                           9396c5035bc84f73 127 j.ssl.fastly.net, *.compatiblepartners.net, *.eharmony.ca, *.eharmony.co.uk, *.eharmony.com
Amazon, Server CA 1B                                                     223b1e3a385738e3 123 j2.shared.global.fastly.net, *.a2presse.fr, *.adventistbookcenter.com, *.api.lolesports.com, *.baatch.com
Symantec Corporation, Symantec Trust Network                             7714d5c429d2af9b 122 g2.shared.global.fastly.net, *.abritel.fr, *.admailtiser.com, *.apartmenttherapy.com, *.b12sites.com
Google Inc                                                               fdefc4e1397ea879 122 m.ssl.fastly.net, *.7digital.com, *.7static.com, *.activistmonitor.com, *.adwerx.com
DigiCert Inc                                                             fa18d0c1ce71aef1 122 d2.shared.global.fastly.net, *.1101.com, *.acurisdatasolutions.com, *.alarmgrid.com, *.anywhere.com
DigiCert Inc, www.digicert.com                                           2cb0d0ceb3721630 116 n.ssl.fastly.net, *.1bleacherreport.com, *.anywherebelize.com, *.anywherecostarica.com, *.anywherecuba.com
Google Inc                                                               bc98a2682670e92a 111 r.ssl.fastly.net, *.addthis.com, *.addthisedge.com, *.adwerx.com, *.alittlecraft.com
DigiCert Inc                                                             48c8c528c5972465 110 us.linkedin.com, ae.linkedin.com, ar.linkedin.com, au.linkedin.com, be.linkedin.com
COMODO CA Limited                                                        b7f7c0e2b50d3ce8 104 craigslist.org, *.cl.com, *.cl.uk, *.craigslist.at, *.craigslist.be
GeoTrust Inc.                                                            41e02e781afc1ba6 100 abbyabas.com, angular.run, bensonapp.com, billc.cc, buzzotter.com
Let's Encrypt                                                            d29b53d2babc4013 100 121.care, 5637641986899968-fe3.pantheonsite.io, 8xrentals.com, agifabricators.com, americanturfandtree.com
Amazon, Server CA 1B                                                     0b5e434708f2afb5 100 5767409591910400-fe4.pantheonsite.io, aileyextension.com, alvinailey.org, ask.alvinailey.org, atc.usenix.org
Let's Encrypt                                                            13dd79371f4ebd44 100 1301colorado.com, 5667908084563968-fe2.pantheonsite.io, adirondackestates.com, aecpropertytax.com, afscmeatwork.org
Internet2, InCommon                                                      c211e0232c0fdf9e 99  sni36037.cloudflaressl.com, *.aniajarda.com, *.autonomiesante.ca, *.beautyandbridalbylaura.co.uk, *.begriffagency.ru
GeoTrust Inc.                                                            b9332a41b363f119 99  sni66495.cloudflaressl.com, *.aclusocal.org, *.brownadipose.com, *.cleareye.com, *.coatednails.com
Let's Encrypt                                                            4a1a7a7ce1eb6917 99  sni29581.cloudflaressl.com, *.03loveandroid.ml, *.0designdesktop7.gq, *.0pattern97.tk, *.3807.gq
GoDaddy.com, Inc., http://certs.godaddy.com/repository/                  5ddfe568bd34e26c 99  sni24077.cloudflaressl.com, *.aafdcyerwqo.gq, *.abc-wages.com, *.activehackers.com, *.anvfxvxgzdn.ml
adamdecaf commented 6 years ago

The long tail is even more severe.

``` COMODO CA Limited 9f1830de2812788c 2 *.getfeedback.com, getfeedback.com DigiCert Inc, www.digicert.com 0a142fa2fdef1949 2 *.herokuapp.com, herokuapp.com Microsoft Corporation, Microsoft IT 65b93a864d485728 2 *.trib.al, trib.al Symantec Corporation, Symantec Trust Network d478787901009010 2 bitbucket.org, www.bitbucket.org COMODO CA Limited 9434b6d490cf73fd 2 *.nodejs.org, nodejs.org GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 200efbf653fe0618 2 cybellum.com, www.cybellum.com Let's Encrypt 5f1144bc75830401 2 blog.discordapp.com, www.blog.discordapp.com COMODO CA Limited 4f0971fee35a49d4 2 freedom-to-tinker.com, www.freedom-to-tinker.com DigiCert Inc a41b68a6f376a167 2 danielmiessler.com, www.danielmiessler.com Let's Encrypt ef8581fba8177f1d 2 openreview.net, www.openreview.net COMODO CA Limited 05cacfced92aa1fe 2 dreamwidth.org, *.dreamwidth.org Amazon, Server CA 1B 2bde0c3256170a99 2 *.duolingo.com, duolingo.com COMODO CA Limited 3b67d8a86e873d30 2 www.bleepingcomputer.com, bleepingcomputer.com GoDaddy.com, Inc., http://certs.godaddy.com/repository/ d494d922bbd28b9f 2 www.regular-expressions.info, regular-expressions.info COMODO CA Limited dae6987f96b99af0 2 mondaynote.com, www.mondaynote.com COMODO CA Limited 78bc2a88e73c6301 2 *.godbolt.org, godbolt.org GeoTrust Inc. f7902376a4b4e49f 2 kubesec.io, *.kubesec.io DigiCert Inc 4c114f427308a328 2 p3rl.org, www.p3rl.org GeoTrust Inc. 2ae51ba0426dcdd9 2 *.segment.com, segment.com Let's Encrypt 18f3835701a77603 2 www.coinbase.com, coinbase.com Let's Encrypt a681e0093095143e 2 electrek.co, www.electrek.co Let's Encrypt d7e6c4257a173479 2 lukasa.co.uk, www.lukasa.co.uk Let's Encrypt ff46b920287422d7 2 bitcoin-price.com, www.bitcoin-price.com DigiCert Inc b92f54c1ae0ce7b5 2 bytes.com, www.bytes.com COMODO CA Limited 7a90853b71726aa6 2 ruby-doc.org, www.ruby-doc.org DigiCert Inc 63eb34876cbd2ebb 2 *.telemetry.mozilla.org, telemetry.mozilla.org Entrust, Inc., See www.entrust.net/legal-terms ebc090fab7a26f87 2 *.php.net, php.net COMODO CA Limited d4962faf73707db1 2 *.codecentric.de, codecentric.de Symantec Corporation, Symantec Trust Network d7f030f179ace7eb 2 umblr.com, t.umblr.com Oracle Corporation, Symantec Trust Network e8d93cb118b2d0a5 2 *.zachaysan.com, zachaysan.com Let's Encrypt ff24800071d37fcd 2 www.campendium.com, campendium.com COMODO CA Limited b741532fb5754e0e 2 wiki.jenkins-ci.org, wiki.jenkins.io DigiCert Inc, www.digicert.com 72098555c4fbd0c5 2 www.apmex.com, apmex.com COMODO CA Limited 0a01f90812dc834c 2 *.scala-lang.org, scala-lang.org COMODO CA Limited 4042fd8b388aff46 2 *.bintray.com, bintray.com Symantec Corporation, Symantec Trust Network a3a4516ecc4a5ec5 2 *.libsyn.com, libsyn.com Let's Encrypt 1310ee417feb1152 2 reviewable.k8s.io, reviewable.kubernetes.io GeoTrust Inc. e2053c7ae78710d8 2 www.512pixels.net, 512pixels.net Let's Encrypt 35da54c4ff54dfd8 2 makeartwithpython.com, www.makeartwithpython.com COMODO CA Limited 589c902bc015558a 2 get.scaleft.com, www.get.scaleft.com GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 4cfde8851316a564 2 alvinalexander.com, www.alvinalexander.com GlobalSign nv-sa 5366406d75635a5b 2 www.collectd.org, collectd.org DigiCert Inc c0a137892b402e4a 2 *.trello.com, trello.com COMODO CA Limited bb4d0ab79a94ea22 2 *.qbox.io, qbox.io DigiCert Inc 2c7df9591b04e31c 2 blog.appsecco.com, www.blog.appsecco.com COMODO CA Limited 3d7990f6df8822d6 2 www.rockpapershotgun.com, rockpapershotgun.com COMODO CA Limited 1cf73b9826ed7fc4 2 amplitude.engineering, www.amplitude.engineering Let's Encrypt 16dbda65528d2392 2 mercurynews.com, www.mercurynews.com DigiCert Inc, www.digicert.com 2c40e24475ab592f 2 *.aciworldwide.com, aciworldwide.com Gandi a50d0849b815ff7f 2 leastauthority.com, www.leastauthority.com Amazon, Server CA 1B d4d5c77390ccaab0 2 *.deloitte.com, deloitte.com COMODO CA Limited 021fa7122579b8b1 2 *.quad9.net, quad9.net COMODO CA Limited 4f3762f73ed21bf9 2 www.theclearinghouse.org, theclearinghouse.org GeoTrust Inc. 8d62fc4388b82e16 2 *.pledgemusic.com, pledgemusic.com DigiCert Inc 93bd8b25e88c88cb 2 *.capterra.com, capterra.com GlobalSign nv-sa 005093c396b61e8b 2 *.bugs.gentoo.org, bugs.gentoo.org COMODO CA Limited ab93759060cbcd6e 2 *.getstream.io, getstream.io Microsoft Corporation, Microsoft IT 8784ecbf6bf948e2 2 www.casecurity.org, casecurity.org Symantec Corporation, Symantec Trust Network 3a570d0db27fcd37 2 *.47deg.com, 47deg.com Gandi e09c2ed4f38180c8 2 *.ipfs.io, ipfs.io TERENA fd1347103fa87633 2 *.mapillary.com, mapillary.com DigiCert Inc, www.digicert.com f22fdf95e78031a1 2 wiki.technet.microsoft.com, blogs.technet.microsoft.com DigiCert Inc, www.digicert.com 76166ceba204fd3f 2 bit.ly, www.bit.ly COMODO CA Limited ba0023666b6ccddc 2 kubernetes.io, www.kubernetes.io GeoTrust Inc., Domain Validated SSL 9ebab3d8d9dfd462 2 www.gamasutra.com, gamasutra.com Let's Encrypt 5b3d9529d8ba52cf 2 crates.io, www.crates.io DigiCert Inc, www.digicert.com 0f3fe3b25c175746 2 sitepoint.com, www.sitepoint.com GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 9ddc2c1fbe8d120a 2 www.moderncrypto.org, moderncrypto.org Let's Encrypt 1945b17c447533e7 2 *.hashnode.com, hashnode.com Let's Encrypt 0ffed98d1f835a3a 2 stallman.org, www.stallman.org Let's Encrypt cd337a95eb580126 2 www.wandererfinancial.com, wandererfinancial.com COMODO CA Limited c11176050a6e1559 2 *.cnbc.com, cnbc.com Internet2, InCommon 195ec0c648343267 2 blog.envoyproxy.io, www.blog.envoyproxy.io DigiCert Inc, www.digicert.com bae4c440d06acca2 2 increment.com, *.increment.com Amazon, Server CA 1B 085deafe6763cfd1 2 *.unforget.io, *.nightfinch.com GlobalSign nv-sa 70dba01d48345a4f 2 *.hund.io, hund.io Amazon, Server CA 1B 83ae7c8b28ab8e97 2 bumfuzzle.com, www.bumfuzzle.com Let's Encrypt 4c47dd968c85a08b 2 git.io, www.git.io Amazon, Server CA 1B c707c55641945ace 2 12factor.net, www.12factor.net GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 9a6d8249928c3eb5 2 www.npmjs.com, npmjs.com COMODO CA Limited b22c6d1a90b9ebbb 2 *.appcelerator.org, appcelerator.org COMODO CA Limited 7ae128fa867f9078 2 *.a.guidespark.com, a.guidespark.com Amazon, Server CA 1B 87e9df32bdf0ae99 2 *.pubmail.io, pubmail.io COMODO CA Limited 0ce5e512981d57bc 2 gitlab.com, www.gitlab.com DigiCert Inc, www.digicert.com 6da7ec7fb930c7fe 2 v1-8.docs.kubernetes.io, www.v1-8.docs.kubernetes.io COMODO CA Limited 69b5c1728bda17cd 2 www.batterystuff.com, batterystuff.com Microsoft Corporation, Microsoft IT 690592e5c7a8a0bc 2 uat-answers.microsoft.com, answers.microsoft.com Microsoft Corporation, Microsoft IT 2b550b94ef92238e 2 schneier.com, www.schneier.com COMODO CA Limited 540a684e0b1e75ee 2 *.sans.org, sans.org DigiCert Inc ca121049d5f29688 2 *.rapidsos.com, rapidsos.com Entrust, Inc., See www.entrust.net/legal-terms 88adf856dbdcafbd 2 remote.jobs, www.remote.jobs GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 1e1b30cafd51029e 2 *.sourcegraph.com, sourcegraph.com Symantec Corporation, Symantec Trust Network 3c21c7b2162d5466 2 goodreads.com, www.goodreads.com thawte, Inc. 324895b63eb09884 2 cloudflare.com, www.cloudflare.com Amazon, Server CA 1B 08bbdcbf5564ee3c 2 golangprojects.com, www.golangprojects.com Let's Encrypt 2ec862dc94c63ef4 2 *.alioth.debian.org, alioth.debian.org GoDaddy.com, Inc., http://certs.godaddy.com/repository/ eff6c55cf3cf35c7 2 weworkremotely.com, www.weworkremotely.com Amazon, Server CA 1B 98b61610ff51d9cc 2 explainshell.com, www.explainshell.com Let's Encrypt 8e72a9668977170e 2 www.cisco.com, cisco.com Let's Encrypt 7885bd6eff89fc0c 2 *.circleci.com, circleci.com Let's Encrypt edd218f14d233a07 2 events.ccc.de, fahrplan.events.ccc.de Let's Encrypt bf2744509575edf2 2 openid.net, www.openid.net Let's Encrypt ad4568aa91eb2e51 2 meltdownattack.com, www.meltdownattack.com CloudFlare, Inc. 48c619fa23ddb585 2 *.symitar.com, symitar.com COMODO CA Limited a412a2edac00daf7 2 www.datanami.com, datanami.com Let's Encrypt 8f0059e3cfbec7e2 2 dailycodingproblem.com, www.dailycodingproblem.com COMODO CA Limited cbecdb66169da44c 2 bowerstudios.com, www.bowerstudios.com COMODO CA Limited ef60f3bd8ac7ed24 2 www.rapid7.com, rapid7.com COMODO CA Limited 90b064fa41dc4fad 2 spectreattack.com, www.spectreattack.com Symantec Corporation, Symantec Trust Network 995660bf57f38564 2 *.uni.edu, uni.edu COMODO CA Limited a3878dbdc22eef11 2 marc.info, www.marc.info Let's Encrypt 9a5bf982647c9876 2 daemon-tools.cc, www.daemon-tools.cc COMODO CA Limited 1fca682655b3a118 2 www.itu.int, itu.int COMODO CA Limited e36deaeebee1503a 2 magit.vc, www.magit.vc Let's Encrypt 9af4ac77a7b804aa 2 www.zwischenzugs.com, zwischenzugs.com Let's Encrypt 0efe21a2449c3f36 2 *.pastemagazine.com, pastemagazine.com Symantec Corporation, Symantec Trust Network 9ec32a8e6ca27260 2 *.usgs.gov, usgs.gov COMODO CA Limited 1f6941394df4413a 2 www.comodo.com, comodo.com Symantec Corporation, Symantec Trust Network e90af5035b63f184 2 *.weforum.org, weforum.org Let's Encrypt 0ade05e5fcfa0f4f 2 marcan.st, www.marcan.st Let's Encrypt c6af8f1f5df0fd99 2 www.cabforum.org, cabforum.org Technische Universitaet Muenchen 6c13eb16f1bf1115 2 *.ifixit.com, ifixit.com DigiCert Inc, www.digicert.com a9a2eafe1d4c0ee3 2 *.ec.quoracdn.net, ec.quoracdn.net COMODO CA Limited 58979dca7bafb596 2 corpocrat.com, www.corpocrat.com Let's Encrypt 98debadbc87623a1 2 *.threatpulse.com, threatpulse.com GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 38cbc8b528a2bcb9 2 *.gatesnotes.com, gatesnotes.com Amazon, Server CA 1B 4359b7f3cdaccd0e 2 datadoghq.com, www.datadoghq.com Internet2, InCommon f76e0c34dc954f8b 2 csis.pace.edu, seidenberg.pace.edu Amazon, Server CA 1B 29ba01e281a7e613 2 clubthrifty.com, www.clubthrifty.com Let's Encrypt 51db05452069a7ec 2 *.inc.com, inc.com COMODO CA Limited db7c8de2a91a4d70 2 medium.freecodecamp.org, www.medium.freecodecamp.org DigiCert Inc, www.digicert.com dc89d9b02b5eae2e 2 www.thumbtack.com, thumbtack.com Symantec Corporation, Symantec Trust Network 8e8440a0f98a386d 2 totalcloud.io, www.totalcloud.io Let's Encrypt 9160cc57df2d87af 2 h5l.org, www.h5l.org COMODO CA Limited e9bb06343f02c0a0 2 slack.engineering, www.slack.engineering GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 937fbce6603e5f09 2 kubeweekly.com, www.kubeweekly.com Let's Encrypt e5f8639a8d4d7d2a 2 css-tricks.com, www.css-tricks.com COMODO CA Limited f382247c60e827de 2 forums.xfinity.com, forums.comcast.com COMODO CA Limited 9762bf1f84f6e29e 2 hboeck.de, www.hboeck.de DigiCert Inc, www.digicert.com c3ae0841cd20a092 2 *.changelog.com, changelog.com COMODO CA Limited 46e75175102b184f 2 www.ss64.com, ss64.com COMODO CA Limited 2a6a5d30fb287293 2 *.tools.ietf.org, tools.ietf.org COMODO CA Limited 6c5c746b258d8afa 2 www.linkedin.com, linkedin.com Amazon, Server CA 1B 0de5bad20f72e8da 2 nyse.com, *.nyse.com GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 9659c0fdb3397505 2 *.getdrip.com, getdrip.com DigiCert Inc, www.digicert.com cc3a00662f1d56f2 2 slides.com, www.slides.com COMODO CA Limited 38befb9b4780ed07 2 hackernoon.com, www.hackernoon.com Let's Encrypt e23828e0b98409cd 2 topic.com, *.topic.com DigiCert Inc 6ef87d3d9751b023 2 download.lineage.microg.org, lineage.microg.org Microsoft Corporation, Microsoft IT a228e6102a98af50 2 neustadt.fr, www.neustadt.fr DigiCert Inc, www.digicert.com 7c79640ca6a22003 2 nciphers.com, www.nciphers.com DigiCert Inc, www.digicert.com f0a2337ac82d5e44 2 cryptoweekly.co, www.cryptoweekly.co Jack Henry and Associates, Banno 82d143dbc548fc2d 2 *.nagios.com, nagios.com DigiCert Inc, www.digicert.com adddfa31e25371c8 2 stripe.com, www.stripe.com Let's Encrypt f234f8a0eddd3726 2 *.weebly.com, weebly.com DigiCert Inc, www.digicert.com 7021bb4ce02e927b 2 *.haproxy.com, haproxy.com COMODO CA Limited 810dc95b130fdcfe 2 stripe.ian.sh, www.stripe.ian.sh Jack Henry and Associates, Banno 38aa15da55054c98 2 pgadmin.org, www.pgadmin.org Let's Encrypt 2c50d6f9ee3c1ced 2 cia.gov, www.cia.gov HydrantID (Avalanche Cloud Corporation) dcf658021dc1b94f 2 legacyusblogs-prod.cloudapps.cisco.com, blogs.cisco.com GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 090e21c05b4df50d 2 *.livejournal.com, livejournal.com Let's Encrypt 637a3e32a7a2a5c5 2 *.survivalblog.com, survivalblog.com Let's Encrypt 7aca5afc1b6bd913 2 cialug.org, www.cialug.org CloudFlare, Inc. ab4e4d0c92c35979 2 www.gsb.com, gsb.com Let's Encrypt 048e289a8fe3b479 2 mrsk.me, vez.mrsk.me Let's Encrypt 94aae7a558dd05a9 2 redditblog.com, www.redditblog.com Chunghwa Telecom Co., Ltd. ce2038e3ef3d42e9 2 blog.google, www.blog.google GeoTrust Inc. 4181c54cc40bd9de 2 the-gadgeteer.com, www.the-gadgeteer.com COMODO CA Limited 1d343491f6c115fa 2 eggerapps.at, www.eggerapps.at Let's Encrypt 14daee972184a125 2 robotattack.org, www.robotattack.org Internet2, InCommon 4b1a385debceb917 2 stanford.edu, *.stanford.edu Let's Encrypt 7167ba99865a720e 2 *.dcos.io, dcos.io Let's Encrypt 06a39867804c2a27 2 *.merriam-webster.com, merriam-webster.com Entrust, Inc., See www.entrust.net/legal-terms 45d5cbab8205d0af 2 www.entrust.net, entrust.net GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 6e229308d1fcb1ed 2 code.kx.com, www.code.kx.com DigiCert Inc, www.digicert.com b9f9e139f2a20760 2 envoyproxy.io, www.envoyproxy.io Amazon, Server CA 1B bcbb9e4300a9c09b 2 *.keyvalues.com, *.keyvalues.io Let's Encrypt 6084822857e7c054 2 speakerdeck.com, www.speakerdeck.com DigiCert Inc, www.digicert.com 0dcb5c596746ad05 2 www.autodeskresearch.com, autodeskresearch.com GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 0fedda009f3183ba 2 *.flightradar24.com, flightradar24.com Let's Encrypt 4c157799c3e16eba 2 pgcon.org, www.pgcon.org Let's Encrypt d2b3154e792e10c7 2 www.apple.com, images.apple.com Let's Encrypt 8ed91a938df03b6e 2 *.tls13.facebook.com, tls13.facebook.com Let's Encrypt 52d73f94376703ec 2 systutorials.com, www.systutorials.com Starfield Technologies, Inc., http://certs.starfieldtech.com/repository/ 8245e7b67f6a52f6 2 www.jaxenter.com, jaxenter.com Let's Encrypt e0c4dcd4b90d2258 2 *.cqrcengage.com, cqrcengage.com COMODO CA Limited 749e7a4938f224a9 2 support.namecheap.com, www.support.namecheap.com Let's Encrypt cc8611c6e0d1d494 2 gnutls.org, www.gnutls.org Let's Encrypt 47fae963347b6540 2 imperialviolet.org, www.imperialviolet.org Let's Encrypt 7e8c10a2c5e50cca 2 vertcoin.org, www.vertcoin.org GoDaddy.com, Inc., http://certs.godaddy.com/repository/ ac0a8ab9484bb417 2 1843magazine.com, www.1843magazine.com COMODO CA Limited 133d69292b3787dc 2 www.techopedia.com, techopedia.com COMODO CA Limited 62143556d20ddcaa 2 *.webkit.org, webkit.org Let's Encrypt 5dfda0eb542aa98a 2 www.mail-archive.com, mail-archive.com GeoTrust Inc. 5a9831cf472df487 2 *.kaply.com, kaply.com COMODO CA Limited a2c027b822d36cfa 2 emacswiki.org, www.emacswiki.org DigiCert Inc 6fb85756694b0ebc 2 www.nasa.gov, nasa.gov DigiCert Inc fcf402037fdd1a2f 2 *.zoom.us, zoom.us GlobalSign nv-sa da9ee39f7c08df83 2 ardenfl.com, www.ardenfl.com COMODO CA Limited f9cfa836e1bd8aea 2 keybase.io, www.keybase.io DigiCert Inc, www.digicert.com 736e3332308a97a0 2 hashrocket.com, www.hashrocket.com COMODO CA Limited 68a17e59b9743a7a 2 ap.www.namecheap.com, www.ap.www.namecheap.com COMODO CA Limited a728ca695cfa2796 2 www.namecheap.com, namecheap.com Amazon, Server CA 1B 734e44ddf8f6d07b 2 hackread.com, www.hackread.com Amazon, Server CA 1B 457cd7fc409450a1 2 basecamp.com, www.basecamp.com GlobalSign nv-sa a7a6173e5d6552ff 2 www.survey-executiveboard.com, survey-executiveboard.com DigiCert Inc 7bdc8f8c83e6d578 2 *.37signals.com, 37signals.com Jack Henry and Associates, Banno 4045e8e8ad9d221b 2 servers.opennic.org, servers.opennicproject.org Let's Encrypt 5c5dedf042188cac 2 izbicki.me, www.izbicki.me Let's Encrypt 929fcb4b2599288a 2 redis.io, www.redis.io DigiCert Inc a4d5efd5a8709c81 2 bitrot.sh, www.bitrot.sh GeoTrust Inc. 2ad8611b07e7e44a 2 *.ngrok.io, ngrok.io Let's Encrypt 38c0085fd7fb44e0 2 *.humoroushomemaking.com, humoroushomemaking.com DigiCert Inc 541ee0d1423843da 2 getcruise.com, *.getcruise.com COMODO CA Limited ce4ca5557482cf1f 2 *.brighttalk.com, brighttalk.com Amazon, Server CA 1B 606abf1665309c40 2 snopes.com, www.snopes.com COMODO CA Limited 96569f11a221b8a5 2 *.convertkit.com, convertkit.com Let's Encrypt 8bf159b064ff43d6 2 ghostbin.com, www.ghostbin.com Let's Encrypt 31758001a6cc4f85 2 *.about.gitlab.com, about.gitlab.com Amazon, Server CA 1B 70f779fc70df08c6 2 telepresence.io, www.telepresence.io GlobalSign nv-sa 9619bc345e0a751e 2 *.teamblind.com, teamblind.com Amazon, Server CA 1B 0db1dcbab8da3f5c 2 www.deccanchronicle.com, *.deccanchronicle.com Amazon, Server CA 1B a0f9039eb8cd171c 2 *.jamf.com, jamf.com COMODO CA Limited b68c12dbe97bc93b 2 dssw.co.uk, www.dssw.co.uk Gandi f5c0d7da0240293b 2 *.puppetlabs.com, puppetlabs.com Symantec Corporation, Symantec Trust Network 6df969c04bd08cb9 2 *.sysdig.com, sysdig.com COMODO CA Limited 2b5326de23879982 2 blog.cosmos.network, www.blog.cosmos.network Let's Encrypt 31bb98f8d95b713b 2 www.zanshin.net, zanshin.net COMODO CA Limited 2efb8e8167986d5e 2 medium.com, www.medium.com GlobalSign nv-sa 15cbf3d48a78cc7a 2 www.fox-it.com, fox-it.com Google Trust Services 453801877e74aa35 2 *.fluxometer.com, fluxometer.com GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 963d06af7c5f82c6 2 menu.wendys.com, www.menu.wendys.com Let's Encrypt f986e79a8d0b4bde 2 theintercept.com, *.theintercept.com Let's Encrypt aad4b19ade48be87 2 contributor-covenant.org, www.contributor-covenant.org Let's Encrypt a29acca1ba93d91b 2 *.tekrevue.com, tekrevue.com Let's Encrypt a29acca1ba93d91b 2 *.periscopedata.com, periscopedata.com Symantec Corporation, Symantec Trust Network 5f63650c83186ed3 2 *.csod.com, jha.csod.com Symantec Corporation, Symantec Trust Network 0e2e5266845f0b2e 2 samharris.org, www.samharris.org Let's Encrypt 6306027ac5c6419b 2 *.lastpass.com, lastpass.com GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 522eaf01cba04272 2 wordfence.com, www.wordfence.com COMODO CA Limited 4ce67f6130c60cc7 2 lastpass.com, www.lastpass.com CloudFlare, Inc. d265be52572241ea 2 praetorian.com, *.praetorian.com Amazon, Server CA 1B 32e2d05c80cc1c4f 2 gobyexample.com, www.gobyexample.com TERENA ad11d3f5e63d8f36 2 *.e-activist.com, e-activist.com Symantec Corporation, Symantec Trust Network 63cedc6183a429e9 2 krebsonsecurity.com, www.krebsonsecurity.com COMODO CA Limited cc49731d2cf8609b 2 www.dataturks.com, dataturks.com cPanel, Inc. 87024e68837ed2f0 2 www.veridiancu.org, veridiancu.org Let's Encrypt c7df2c708a7fc84c 2 staltz.com, www.staltz.com Let's Encrypt 52e0f949013a10e0 2 *.lwn.net, lwn.net Let's Encrypt 47e40b5515f0adf1 2 janbambas.cz, www.janbambas.cz COMODO CA Limited 9f56f939a24cc45d 2 www.feistyduck.com, feistyduck.com Amazon, Server CA 1B 73f9ab5213977488 2 www.magicleap.com, *.www.magicleap.com Let's Encrypt ea59131e9ddc46f2 2 syncedreview.com, www.syncedreview.com COMODO CA Limited 5dce88498062be5e 2 *.sensuapp.org, sensuapp.org DigiCert Inc 833113295ff61866 2 ok4wd.com, www.ok4wd.com Let's Encrypt 69cd5a7b08f6e710 2 notamonadtutorial.com, www.notamonadtutorial.com GeoTrust Inc. 6398cf0fbed4569a 2 *.kiva.org, kiva.org COMODO CA Limited 116806d42a89a755 2 *.twit.tv, twit.tv Let's Encrypt 675914073aae7e4e 2 *.vimeo.com, vimeo.com Let's Encrypt 30a6624bba0fb9b0 2 driverlessratings.com, www.driverlessratings.com DigiCert Inc 4abc46f79a7f8651 2 t.co, www.t.co Microsoft Corporation, Microsoft IT dd2797e829d93d95 2 www.sessions.edu, sessions.edu DigiCert Inc b45123f3cda48757 2 twitter.com, www.twitter.com COMODO CA Limited e59b82fb9173e573 2 *.fosdem.org, fosdem.org COMODO CA Limited b914c5ba99d9a116 2 blog.learngoprogramming.com, www.blog.learngoprogramming.com Let's Encrypt 87939eed092960d4 2 github.com, www.github.com DigiCert Inc, www.digicert.com 081f670692a0e678 2 support.mozilla.org, support.mozilla.com Let's Encrypt 38c18a95c2af210e 2 sciencedaily.com, www.sciencedaily.com CloudFlare, Inc. c4b1657d03945720 2 *.theoutline.com, theoutline.com Entrust, Inc., See www.entrust.net/legal-terms 3139cf730e276673 2 *.congress.gov, congress.gov COMODO CA Limited a3eee945dd4dc9bf 2 scihub.org, www.scihub.org Let's Encrypt 361420e1ad3f422f 2 mail.google.com, inbox.google.com Let's Encrypt 883063fd16e0dd69 2 arslan.io, www.arslan.io Let's Encrypt 65d88b39935c879e 2 duckduckgo.com, www.duckduckgo.com GeoTrust Inc. 3df6bf0b514ca345 2 duckduckgo.com, www.duckduckgo.com COMODO CA Limited 4a9f97ee7a82048e 2 mozilla.org, www.mozilla.org Let's Encrypt db83b44eaf2febe8 2 directi.com, *.directi.com Amazon, Server CA 1B 77995132a421d972 1 making.pusher.com Let's Encrypt 773c9b0924de4024 1 schema-registry-ui.landoop.com COMODO CA Limited ffa7ed8456fea474 1 dave.cheney.net COMODO CA Limited 061bbb76dad37c7a 1 startuplab.io Internet2, InCommon dba145ce8e57ff73 1 cr.yp.to GeoTrust Inc. 2bbd9af502e23aa3 1 open.microsoft.com DigiCert Inc b0552bef9e5d16da 1 www.justinobeirne.com COMODO CA Limited 621ce803354ab547 1 cashflowprogram.com Let's Encrypt 54934475ae97e37d 1 lobste.rs COMODO CA Limited 73094a364555882b 1 konghq.com GeoTrust Inc. 9e2a62796e4ec2aa 1 hal.inria.fr Let's Encrypt f19207a0c3c2cd15 1 blog.gopheracademy.com COMODO CA Limited 0df4b7a034e71877 1 drewdevault.com COMODO CA Limited d9387179657c4a4f 1 www.bgpmon.net Let's Encrypt 1abf4fadc313ebb0 1 www.opennic.org Let's Encrypt fbe090113432b51d 1 qsurvey.mozilla.com Let's Encrypt 50408fa0523336d6 1 k8s-banno-production.banno-production.com Let's Encrypt f3ff34be4216cc11 1 investors.etsy.com DigiCert Inc, www.digicert.com 2cc46da2425f1092 1 servers.lol Let's Encrypt 19c6ca64debf5b8b 1 buoyant.io DigiCert Inc, www.digicert.com b5e45d5db903fea8 1 factorable.net Symantec Corporation, Symantec Trust Network 92636266e447c8ee 1 bgpmon.net Let's Encrypt 0c7bb10f9fd83a45 1 fly.io DigiCert Inc 0f686bd31434ad8a 1 www.hybridbookshelf.de GeoTrust Inc. 9abf1cd31a4a51b4 1 chat.joincircles.net Let's Encrypt d6ee64c388ed1425 1 fisherpub.sjfc.edu Let's Encrypt 0e3f12826432d230 1 perkeep.org Symantec Corporation, Symantec Trust Network 32801f2b9538a776 1 www.socialimprints.com DigiCert Inc feceaca50477ca68 1 blog.octo.com COMODO CA Limited 00eed5a42ffe452b 1 linux-audit.com COMODO CA Limited d5a80fb07d24565b 1 k8s-banno-staging.banno-staging.com Let's Encrypt bb8fe3735d104448 1 ksonnet.io COMODO CA Limited c3a45139d2a9cd59 1 k8s-banno-uat.banno-uat.com COMODO CA Limited 2ea91253ac87809a 1 convox.com COMODO CA Limited 6a4784e889e1a495 1 learn-anything.xyz COMODO CA Limited ed398de99b64d1c9 1 mailchimp.com Let's Encrypt 1625960c4ccb95f0 1 wiki.theory.org Let's Encrypt 74bc3e93cb516556 1 muchassemblyrequired.com Let's Encrypt ac7183a285d08552 1 coredns.io GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 69426eca305f9778 1 analytics.usa.gov Internet2, InCommon eb1eb60f35f89eb3 1 www.boringcompany.com GeoTrust Inc. 8bd4de62f0f2199f 1 www.upguard.com Let's Encrypt 2b97d0960c4b0866 1 hn.0x2237.club COMODO CA Limited 03083d79ccf0642d 1 alpinelinux.org Let's Encrypt 2b97d0960c4b0866 1 hn.0x2237.club COMODO CA Limited 10bac3ef6f0ab400 1 www.influxdata.com Let's Encrypt 78530e4b149822ba 1 www.cooklist.co Let's Encrypt ba136c3915701db9 1 camlistore.org Let's Encrypt 878190267d62699d 1 trint.com Let's Encrypt 875813f50f9176cb 1 up.docs.apex.sh Let's Encrypt 3faa12b6b10baa81 1 docs.aws.amazon.com COMODO CA Limited f2a40702a28310a6 1 people.csail.mit.edu Apple Inc., Certification Authority 4fe429d2fcd9a63d 1 idmsa.apple.com GeoTrust Inc. aa3fcc22c838e04b 1 git.exim.org DigiCert Inc 3db66f3bf4f8dcdb 1 www.owasp.org Let's Encrypt f6ea9235ca03c8b9 1 go4.org SSL.com, Controlled by COMODO exclusively for SSL.com dd18a126be829fbb 1 developer.valvesoftware.com Let's Encrypt 76f0eabc2969f512 1 techsolidarity.org DigiCert Inc dc146d684fca21d0 1 *.blob.core.windows.net COMODO CA Limited 96a9ad8e35885a00 1 *.fugue.co COMODO CA Limited 9bb9921c74e275df 1 stationx.rocks GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 0995eb50cc9a23d0 1 *.att.com COMODO CA Limited 39ee4893265b57b5 1 mzl.la Let's Encrypt ea2d5b02a2e75058 1 www.brave.com COMODO CA Limited 4b77d3c79dd32a3a 1 secondnexus.com DigiCert Inc, www.digicert.com eb202529f8560057 1 basicattentiontoken.org thawte, Inc., Domain Validated SSL 02c496bb1fa54961 1 code.visualstudio.com Let's Encrypt 4e68b65072d18049 1 search.maven.org Amazon, Server CA 1B f26aed7edf164c59 1 qconsf.com Let's Encrypt 268311f3c21c5c7a 1 hightimes.com CloudFlare, Inc. 6776d4c9427d8330 1 jekyllrb.com Let's Encrypt 27b3e0b4819ed028 1 thefinancialbrand.com COMODO CA Limited 335635c6983d639a 1 kernelnewbies.org DigiCert Inc, www.digicert.com 4a043a01269cd623 1 carlchenet.com CloudFlare, Inc. e3cbb2bdbd46b643 1 mkcert.org DigiCert Inc e0926dd8dd722110 1 www.happyassassin.net DigiCert Inc 062ba641b6122c45 1 repo1.maven.org DigiCert Inc, www.digicert.com e0771f734d3e071f 1 dlang.org Amazon, Server CA 1B 5a27c5d82e3ac4d6 1 mail.python.org Let's Encrypt 8d95af20a75997c0 1 gigadiff.com COMODO CA Limited 22035f92bd5a5f6e 1 blogs.msdn.microsoft.com Amazon, Server CA 1B 0bdbd35ab9889c30 1 help.getpocket.com Let's Encrypt b0811a82ca11d1ba 1 wiki.gentoo.org GeoTrust Inc., Domain Validated SSL 90636e10649afe20 1 blog.rust-lang.org Let's Encrypt f7f69ddc2084175d 1 ci.jenkins.io Let's Encrypt 53a15cb397398549 1 doc.rust-lang.org Let's Encrypt 7c6249926f62b3ea 1 changelog.reviewable.io Amazon, Server CA 1B 84df0e9c026565ab 1 www.homedepot.com GoDaddy.com, Inc., http://certs.godaddy.com/repository/ bc58c1722f5f6879 1 www.godot.online COMODO CA Limited 418a7ab5b13ed8e5 1 cloudblogs.microsoft.com Let's Encrypt cefaac05a80ae59c 1 www.find-me.co COMODO CA Limited 697d29cd827c7d12 1 lists.debian.org CloudFlare, Inc. 8e14085a02bc56ad 1 learn-golang.com GeoTrust Inc. 94e9baf07078b2fb 1 securosis.com Let's Encrypt e4cc404dbbe11d71 1 gopher.rocks COMODO CA Limited b49d0ef22a4b5d9c 1 blog.abevoelker.com COMODO CA Limited 57dd4f2b69695760 1 www.welovegolang.com Let's Encrypt 7e4dad1936e6d454 1 remoteok.io Let's Encrypt 1c2e2221f903ebd9 1 wiki.alpinelinux.org Let's Encrypt 496438bca715d652 1 rsc.io COMODO CA Limited aa65cb31cac1e072 1 gopkg.link Let's Encrypt e354c3bd8af63add 1 about.txtdirect.org Let's Encrypt e665e5d23bd35d58 1 app.gitprime.com Let's Encrypt 2eca84a46220713e 1 spacetimeinsight.com GoDaddy.com, Inc., http://certs.godaddy.com/repository/ 7b38c4ee927b3e49 1 crocs.fi.muni.cz DigiCert Inc 6e59a78f5d146366 1 pqcrypto.org Amazon, Server CA 1B 7052b0257c099641 1 eprint.iacr.org GlobalSign nv-sa d7c387a86312c5d7 1 nakedsecurity.sophos.com DigiCert Inc, www.digicert.com 2a4de8e0bcf70f05 1 pages.nist.gov Let's Encrypt 874f78d606e59d1f 1 www.gophercon.com Symantec Corporation, Symantec Trust Network b7a8c12743f3d410 1 bench.cr.yp.to Let's Encrypt 03909a4aa94303eb 1 www.halfdog.net COMODO CA Limited 8d2b42873e374820 1 blog.cr.yp.to Let's Encrypt 5fe9097ed8407c4a 1 www.openssl.org Let's Encrypt 1b6e1fc7ca4c3c41 1 reviews.llvm.org COMODO CA Limited a9caa2f65eceab30 1 *.icij.org Let's Encrypt f2ab469310207f2c 1 gitweb.torproject.org COMODO CA Limited 6981eefcd8e74c8e 1 trac.torproject.org COMODO CA Limited 05e458d894642e0f 1 searchfox.org COMODO CA Limited 701d2fd2c43380a2 1 packages.ubuntu.com Starfield Technologies, Inc., http://certs.starfieldtech.com/repository/ 0be8bb2e1ff62756 1 lists.mozilla.org COMODO CA Limited 946eb269a11534f9 1 misissued.com Let's Encrypt f1921c572a63895e 1 usa.experian.com COMODO CA Limited 2959f93cd2af06c1 1 exchange.xforce.ibmcloud.com DigiCert Inc 38f2cf5fb1ec9582 1 click.e.usa.experian.com COMODO CA Limited fadd97286d153dc5 1 *.execute-api.us-west-2.amazonaws.com Let's Encrypt 08771349a94cb450 1 installer.id.ee Symantec Corporation, Symantec Trust Network 57c1ef9de81f64ef 1 assets.bitbashing.io Let's Encrypt b60f1acc620e7175 1 support.plesk.com Gandi f8db4562cd1b3169 1 blog.lizzie.io Let's Encrypt 7c11b2d96cc57a68 1 rusty-spike.blubrry.net Google Inc e88eb8362a005302 1 salsa.debian.org COMODO CA Limited 16aedd83947427f8 1 caddyserver.com Let's Encrypt a4223c9494f6da96 1 www.confluent.io GeoTrust Inc. ef822ced040698cc 1 hg.mozilla.org COMODO CA Limited f8b83ab9a8bff5ad 1 wiki.postgresql.org Entrust, Inc., See www.entrust.net/legal-terms f1b114ea53a03c3f 1 bugzilla.mozilla.org GoDaddy.com, Inc., http://certs.godaddy.com/repository/ b4ea139b444970fe 1 haveibeenpwned.com Let's Encrypt 69f934c08624f34f 1 blog.alexellis.io GlobalSign nv-sa 129b5c4877e68a4c 1 www.sonicwall.com COMODO CA Limited edf308ccabfccda9 1 blog.cloudflare.com Let's Encrypt 44761901649ec9cf 1 crystal-lang.org COMODO CA Limited 685a9c271604e7b9 1 azure.microsoft.com COMODO CA Limited ae69e02731890ef7 1 mobile.twitter.com COMODO CA Limited be0d76e285b90a99 1 upspin.io GeoTrust Inc. 779e1c6ef697f298 1 theprepared.com Symantec Corporation, Symantec Trust Network 6623585e1ac422d1 1 www.google.com Symantec Corporation, Symantec Trust Network c752fddf6abb8a3c 1 brew.sh DigiCert Inc 39830aa9c78907b4 1 matt.life ```