When certificates are allowed to expire, organizations are no longer be able to run secure transactions on their domain, and may suffer both reputational and financial damage as a result of website downtime.
Certification Authorities (CA) will prompt you to renew your SSL certificate prior to the expiration date, so always keep an eye out for notifications.
Threat actors create their own digital certificates that mimic the legitimate certificate of an established brand, which are then used to create fake websites that host malicious content.
Ensuring that your organization has a firm grasp on its digital certificate infrastructure is of paramount importance in maintaining a secure public DNS presence.
Locating expired certificates
-
Navigate to
Advanced Query Builder > IPv4 Queries > Scan Data - Certificates -
Enter an
IPv4 address -
Specify a
netmaskto search across a range of IP addresses -
Specify a certificate
fingerprint -
Specify a
domain name(wildcards are supported) -
Tick the
Expired Certs Onlybox -
Specify a
window(days) that results are displayed from -
Limitthe number of results to be returned