The EFF SSL Observatory | Electronic Frontier Foundation

The EFF SSL Observatory is a project to investigate the certificates used to secure all of the sites encrypted with HTTPS on the Web. We have downloaded datasets of all of the publicly-visible SSL certificates on the IPv4 Internet, in order to search for vulnerabilities, document the practices of Certificate Authorities, and aid researchers interested in the web's encryption infrastructure.
For the public, the slide decks from our DEFCON 18 and 27C3 talks are available, and you can also peruse our second map of the 650-odd organizations that function as Certificate Authorities trusted (directly or indirectly) by Mozilla or Microsoft.

Map Key:

Hexagon: root CA trusted by Microsoft only
Diamond: root CA trusted by Mozilla only
Box: root CA trusted by both
Ellipse: subordinate CA

Black: signed 0 leaves
Violet: signed 1-10 leaves
Blue: signed 11-100 leaves
Green: signed 101-1000 leaves
Yellow: signed 1001-10000 leaves
Orange: signed 10001-100000 leaves
Red: signed 100001-1000000 leaves

For the technical research community, our source code is available; you can fetch a copy with this command:

    git clone https://git.eff.org/public/observatory.git

A MySQL database dump (August 2010 MySQL dump), the raw data (August 2010 raw data), and the August 2010 CSV database dump are also available. You can also use the Observatory in an Amazon EC2 instance we created.

Please note that the data and code are not polished; patches and help are welcome. Questions can be asked on the project's mailing list or directed privately to .

We are particularly concerned about the role and practices of Certificate Authorities (CAs), which are the organizations that can sign cryptographic certificates trusted by browsers. These certificates can contain statements like, "this public key belongs to EFF.org", "this public key belongs to yahoo.com, paypal.com and mozilla.com", or "this public key should be trusted to also act as a CA, signing certificates for other domains". Browsers trust a very large number of these CAs, and unfortunately, the security of HTTPS is only as strong as the practices of the least trustworthy/competent CA.

Before publishing this data, we attempted to notify administrators of all sites observed vulnerable to the Debian weak key bug; please let us know if your analysis reveals other classes of vulnerabilities so that we can notify affected parties.
The data presented here is derived only from observing publicly-accessible servers and could have been collected by anyone. Research for this project is a collaboration between EFF and Jesse Burns at iSEC Partners. Thanks to the NLnet Foundation and SingleHop for supporting this work.