On the Web, secure network communication using HTTP over TLS (commonly called HTTPS) has become more or less standard. However, the TLS protocol heavily relies on certificates and the Web PKI, that have revealed some severe weaknesses in the recent years. Therefore, several security mechanisms for certificates have been introduced, e.g. certificate transparency, DNS CAA, etc. Some of these mechanisms are evaluated by the browsers and (if missing or erroneous) can lead to warnings or error messages. However, it is not transparent to the user which mechanisms have been verified and which not and if this is critical or not.
The tasks of this thesis are: analyzing the current state of art in security for certificates; developing of a tool for validating the security mechanism for given certificates; designing a visualization for the validation results. The system shall operate in different modes, e.g. for a novice or an expert user, in a background system without a frontend etc.