I'm trying to figure out what services are utilizing our wildcard certificate because we don't have any documentation about it. I've already checked all our external DNS entries, but I'm still in the dark. Any suggestions on how to investigate this further?
4 Answers
If you've gone through all the potential DNS entries matching the wildcard for HTTPS services, and checked both external and internal DNS, there's a good chance you're not using it. If you want a bold move, let it expire and see who raises a fuss! Not the most recommended method, but it can be effective.
You might also want to scan your network with a tool like nmap to identify where your wildcard certificate is being utilized. Running a command like `nmap 10.1.2.0/22 -p 443 --script ssl-cert | grep Subject:` can provide insights on which services are making use of the cert.
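Added example, not part of the answer above: piping the scan through `grep Subject:` discards the host lines, so this sketch parses the same `ssl-cert` output and keeps host, port, expiry and fingerprint for every certificate whose CN or SAN is exactly the wildcard name. The function names `wildcard_hosts` and `sample_scan`, the `example.com` names, the addresses and the fingerprints are all constructed for illustration.

```sh
# Added example (not from the thread). Reads nmap --script ssl-cert normal
# output on stdin; prints host, port, not-after, SHA-1 (tab separated).
wildcard_hosts() {
  awk -v want="$1" '
    # True if any sep-delimited field of s equals prefix+want exactly.
    function has(s, sep, prefix,   a, n, i) {
      n = split(s, a, sep)
      for (i = 1; i <= n; i++) if (a[i] == (prefix want)) return 1
      return 0
    }
    function emit() {
      if (port != "" && hit) printf "%s\t%s\t%s\t%s\n", host, port, na, fp
      port = ""; hit = 0; na = ""; fp = ""
    }
    /^Nmap scan report for / { emit(); host = $NF; gsub(/[()]/, "", host); next }
    /^[0-9]+\/tcp/ { emit(); split($1, p, "/"); port = p[1]; next }
    /ssl-cert: Subject: / { sub(/.*Subject: /, ""); if (has($0, "/", "commonName=")) hit = 1 }
    /Subject Alternative Name: / { sub(/.*Name: /, ""); if (has($0, ", ", "DNS:")) hit = 1 }
    /Not valid after: / { na = $NF }
    /SHA-1: / { sub(/.*SHA-1: */, ""); gsub(/ /, ""); fp = $0 }
    END { emit() }
  '
}
# Constructed sample, trimmed to the lines the parser reads.
sample_scan() {
  cat <<'EOF'
Nmap scan report for 10.1.2.15
443/tcp open  https
| ssl-cert: Subject: commonName=*.example.com/organizationName=Example
| Subject Alternative Name: DNS:*.example.com, DNS:example.com
| Not valid after:  2025-03-01T23:59:59
|_SHA-1: 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111
Nmap scan report for 10.1.2.40
443/tcp open  https
| ssl-cert: Subject: commonName=*.example.com.au
| Subject Alternative Name: DNS:*.example.com.au
| Not valid after:  2025-06-01T23:59:59
|_SHA-1: 2222 2222 2222 2222 2222 2222 2222 2222 2222 2222
Nmap scan report for portal.example.net (10.1.3.7)
443/tcp open  https
| ssl-cert: Subject: commonName=portal.example.net
| Subject Alternative Name: DNS:portal.example.net, DNS:*.example.com
| Not valid after:  2025-09-30T23:59:59
|_SHA-1: 3333 3333 3333 3333 3333 3333 3333 3333 3333 3333
EOF
}

sample_scan | wildcard_hosts '*.example.com'
```

Rows that share a fingerprint are the same certificate; a row with a different fingerprint is a separate certificate that merely includes the wildcard name, as with the SAN-only match in the sample.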
A solid strategy is to implement some monitoring tools for all your TLS certificates, even if it's something simple like Xymon. Having a dedicated page with all your certificates and setting up alerts based on certain thresholds can really help keep track of them. Good luck!
Definitely consider getting proactive with the replacement strategy instead of just letting the wildcard expire. You can issue a cert specific to known hostnames first and if something fails, you can easily revert back to the wildcard. This way, you avoid any last-minute rush to reissue a certificate.
