Mods

turbot/net_insights

GitHub
Overview
7Dashboards
53Controls
26Queries
2Variables
GitHub
Loading controls...
On This Page
Description
Usage
Plugins & Tables
Params
SQL
Get Involved
Edit on GitHub
Discuss on Slack

Control: Certificate common names should be listed in subject alternative name (SAN)

Description

The common name or subject alternative name (SAN) of your SSL/TLS Certificate should match the domain or address bar in the browser.

Usage

Run the control in your terminal:

steampipe check net_insights.control.ssl_certificate_domain_name_mismatch

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share net_insights.control.ssl_certificate_domain_name_mismatch

Plugins & Tables

net_certificate
Net plugin

Params

ArgsNameDefaultDescriptionVariable
$1domain_names
["github.com","microsoft.com"]
DNS domain names.

SQL

select
  common_name as resource,
  case
    when dns_names ? common_name
    or dns_names ? concat('*.', common_name) then 'ok'
    else 'alarm'
  end as status,
  case
    when dns_names ? common_name
    or dns_names ? concat('*.', common_name) then common_name || ' listed in certificate''s SAN.'
    else common_name || ' not listed in certificate''s SAN.'
  end as reason
from
  net_certificate
where
  domain in (
    select
      jsonb_array_elements_text(to_jsonb($1 :: text [ ]))
  )
order by
  common_name;