I've always found HTTPS certificates fascinating and, with the removal of Symantec as a CA provider I was curious as to just how certs are used across the internet so I obtained a list of domain names and set about scanning them with a simple openssl based script to see what sort of cert the site has (if it has one), the expiry date, any redirections and so on. This was mostly to see just how many sites use a symantec cert. I grabbed a list of 10 million domains from alexa and discovered that scanning 10 million domains actually takes a bit of time! I thought it might be interesting to see what I've found so far having scanned just shy of three million domains.

Here are a few stats:
Number of domains scanned: 2,876,125
Number of domains with some sort of certificate: 2,786,715
Oldest cert in the database: 18th December 1901
Cert with the longest expiry: 31st December 9999 (really!)

Clearly, both of those certs are self signed certs and this highlights a gap in the script as it doesn't currently log if the cert is self signed cert.

Number of certs by issuer

It's really nice to see Let's Encrypt with a very healthy number of certs. I was surprised just how few were issued by Amazon. I do expect that number to increase over time.

Focusing on the Symantec certs, I did find that I'd made a bit of a mistake in the script as I was looking at the first cert on the target and not considering SNI, once I included SNI into the script and reran the check, I dropped out 300 Symantec certs from the list. This shows that there are still a lot of devices out there with Symantec certs on them which haven't yet been removed although some sites are not using them.

What was quite depressing was the number of sites with a HTTPS cert who forced a redirect to HTTP, for example:

I plan on adding more to the script and refining the data it's collecting but it has proved to be an intersting exercise.

I've uploaded the script to github, if anyone is curious.