Exposed PKI Infrastructure Demo

This page is intended to contain the signatures that detection rules look for.

Common PKI Endpoints

Server and product strings

Microsoft-IIS/10.0
certsrv
Certificate Services
Microsoft CA
Certificate Authority
CRL Distribution Point
OCSP Responder
    

Certificate files and CRLs

Links that look like certificate resources

/crl/revocation.crl
/pki/cert.cer
/pki/bundle.p7b
/CertEnroll/machine-cert.cer
/CertSrv/certs/revocation.crl
    

Certificate details text

Subject: CN=Test-CA
Issuer: CN=Test-CA
O=Example Organization
OU=IT Department
SerialNumber: 01:23:45:67:89:AB
    

OCSP and responder sample

OCSP Responder at /ocsp/
Responder URL: http://example.test/ocsp/
Service: Certificate Services OCSP
    

Notes

To trigger the scanner, serve this page as the response for the listed endpoints. The rule looks for those literal words and the certificate-like lines above. The line CN=Test-CA matches a regex like CN=[A-Za-z0-9-]+-CA. The file lines ending with .crl, .cer and .p7b match the file extension regexes.
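
A sketch of the matching logic described in the notes, added here as an example and not the scanner's own rule. The CN regex is the one quoted above; the file extension regex, the function names and the rule that a keyword alone is not enough to report are assumptions, and the sample bodies are constructed.

```python
import re

# Literal strings from the "Server and product strings" list on this page.
KEYWORDS = ["certsrv", "Certificate Services", "Microsoft CA",
            "Certificate Authority", "CRL Distribution Point", "OCSP Responder"]
# CN pattern quoted in the Notes section.
CN_RE = re.compile(r"CN=[A-Za-z0-9-]+-CA")
# Assumed pattern: the page names the extensions but not the exact regex.
FILE_RE = re.compile(r"/[\w./-]+\.(?:crl|cer|p7b)\b", re.IGNORECASE)

def scan_body(body: str) -> dict:
    """Collect the three kinds of indicator from one HTTP response body."""
    lowered = body.lower()
    return {
        "keywords": [k for k in KEYWORDS if k.lower() in lowered],
        "ca_names": sorted(set(CN_RE.findall(body))),
        "cert_paths": sorted(set(FILE_RE.findall(body))),
    }

def is_exposed_pki(findings: dict) -> bool:
    """Report only when a product keyword appears together with a CA name
    or a certificate/CRL path, so prose that merely mentions a
    'Certificate Authority' does not fire (assumed tuning choice)."""
    structural = findings["ca_names"] or findings["cert_paths"]
    return bool(findings["keywords"]) and bool(structural)

# Constructed sample: a subset of the lines on this demo page.
SAMPLE_PAGE = """Microsoft-IIS/10.0
Certificate Services
OCSP Responder
/crl/revocation.crl
/CertEnroll/machine-cert.cer
/pki/bundle.p7b
Subject: CN=Test-CA
Issuer: CN=Test-CA
"""
# Constructed benign text that contains one keyword and nothing else.
BENIGN_PAGE = "Our blog post explains what a Certificate Authority does."

if __name__ == "__main__":
    for name, body in (("demo", SAMPLE_PAGE), ("benign", BENIGN_PAGE)):
        found = scan_body(body)
        print(name, is_exposed_pki(found), found)
```
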