SSL Certificate Audit Service

Identify invalid, expiring, and non-compliant certificates across your enterprise infrastructure.

Service Overview

Red Kestrel provides comprehensive SSL certificate audits for organizations of all sizes. Using our specialized auditing tools, we inventory both your public-facing and internal SSL certificates, identifying those that are invalid, insecure, or not compliant with your security policy.

Our audit service works with deployments of any size—from a few dozen certificates to large enterprises with millions of certificates—providing actionable insights to improve your security posture.

Why Certificate Audits Matter

Expired or vulnerable certificates are a leading cause of unexpected outages and security breaches. Our recent audits found that nearly 15% of Fortune 500 companies had at least one expired certificate on their public-facing services.

What We Check

Our comprehensive certificate audit identifies various issues that could compromise your security:

Security Issues

  • Certificates using weak MD5 algorithm
  • Certificates using Debian weak keys
  • Insufficient key lengths (less than 2048 bits)
  • Self-signed certificates in production
  • Untrusted certificate chains

Lifecycle Issues

  • Expired certificates
  • Certificates expiring within 90 days
  • Hostname mismatches
  • Incorrectly configured certificates
  • Duplicate certificates across servers

Report Format

After conducting the audit, we deliver comprehensive reports in both HTML and CSV formats, allowing you to quickly identify issues and plan remediation efforts.

HTML Report

The HTML report provides an executive summary and categorizes certificates into risk groups:

  • Certificates using weak MD5 algorithm
  • Certificates using Debian weak keys
  • Expired certificates
  • Certificates expiring within 90 days
  • Untrusted certificates
  • Complete inventory of all certificates

View Sample Report

CSV Report

The CSV report contains detailed information about each certificate, including:

  • Host and port information
  • Issuer and subject details
  • Key size and signature algorithm
  • Subject Alternative Names (SANs)
  • Validity dates and expiration
  • Trust status and validation errors

This format allows for easy importing into certificate management systems or spreadsheets for tracking and remediation planning.

Sample Findings

In January 2013, we used our in-house tools to audit the top 50,000 websites from the Alexa 1m list. Here is a summary of what we found:

  • 19,937 Certificates Found
  • 341 MD5 Certificates
  • 17 Debian Weak Key Certificates
  • 2,123 Expired Certificates
  • 1,900 Expiring Within 90 Days
  • 5,795 Untrusted Certificates

These findings demonstrate that even among the world's most popular websites, certificate management issues are prevalent and can pose significant security risks.

Request an Audit

Ready to discover your certificate risks? Contact Red Kestrel to schedule an audit today.

Request Quote

Benefits

  • Prevent unexpected outages
  • Enhance security posture
  • Meet compliance requirements
  • Identify certificate management gaps
  • Plan for timely renewals

Related Products

After your audit, consider using CertAlert to proactively monitor certificates and prevent future issues.

Learn About CertAlert

Ready to improve your certificate security?

Contact Red Kestrel to schedule a comprehensive certificate audit for your organization.

Get Started Now