Mods

turbot/net_insights

GitHub
Overview
7Dashboards
54Controls
26Queries
2Variables
GitHub
Loading controls...
On This Page
Description
Usage
Plugins & Tables
Params
SQL
Get Involved
Edit on GitHub
Discuss on Slack

Control: Self-signed certificates should not be used

Description

Self-signed certificates contain private and public keys within the same entity, and they cannot be revoked, thus making it difficult to detect security compromises. It is recommended not to use self-signed certificate since it encourage dangerous public browsing behavior.

Usage

Run the control in your terminal:

steampipe check net_insights.control.ssl_certificate_not_self_signed

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share net_insights.control.ssl_certificate_not_self_signed

Plugins & Tables

net_certificate
Net plugin

Params

ArgsNameDefaultDescriptionVariable
$1domain_names
["github.com","microsoft.com"]
DNS domain names.

SQL

select
  common_name as resource,
  case
    when common_name = issuer_name then 'alarm'
    else 'ok'
  end as status,
  case
    when common_name = issuer_name then common_name || ' is self-signed.'
    else common_name || ' is not self-signed.'
  end as reason
from
  net_certificate
where
  domain in (
    select
      jsonb_array_elements_text(to_jsonb($1 :: text [ ]))
  )
order by
  common_name;