Hi Rufus,

I got an internal server error on that link, but I really appreciate your post and the link to code!

Pedro

On Wednesday, 28 November 2018, 8:45:42 (UTC+1), Buschart, Rufus wrote:
> To simplify the process of monitoring crt.sh, we at Siemens have implemented
> a little web service which directly queries crt.sh DB and returns the errors
> as JSON. By this you don't have to parse HTML files and can directly
> integrate it into your monitoring. Maybe this function is of interest for
> some other CA:
>
> https://eo0kjkxapi.execute-api.eu-central-1.amazonaws.com/prod/crtsh-monitor?caID=52410&daystolookback=30&excluderevoked=false
>
> To monitor your CA, replace the caID with your CA's ID from crt.sh. In case
> you receive an endpoint time-out message, try again, crt.sh DB often returns
> time outs. For more details or function requests, have a look into its GitHub
> repo: https://github.com/RufusJWB/crt.sh-monitor
>
> With best regards,
> Rufus Buschart
>
> Siemens AG
> Information Technology
> Human Resources
> PKI / Trustcenter
> GS IT HR 7 4
>
> > -----Original Message-----
> > From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On
> > Behalf Of Enrico Entschew via dev-security-policy
> > Sent: Tuesday, 27 November 2018 18:17
> > To: mozilla-dev-security-pol...@lists.mozilla.org
> > Subject: Re: Incident report D-TRUST: syntax error in one tls certificate
> >
> > On Monday, 26 November 2018 18:34:38 UTC+1, Jakob Bohm wrote:
> >
> > > In addition to this, would you add the following:
> > >
> > > - Daily checks of crt.sh (or some other existing tool) if additional
> > >   such certificates are erroneously issued before the automated
> > >   countermeasures are in place?
> >
> > Thank you, Jakob. This is what we intended to do. We are monitoring crt.sh
> > at least twice daily every day from now on.
> >
> > As to your other point, we do restrict the serial number element and the
> > error occurred precisely in defining the constraints for this
> > field. As mentioned above, we plan to make adjustments to our systems to
> > prevent this kind of error in future.
> > _______________________________________________
> > dev-security-policy mailing list
> > dev-security-policy@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-security-policy