Certificate Survey

You can find the dashboard here: https://dexter.döpping.eu/certificate-survey.

I downloaded over one million TLS certificates from the internet and built a data dashboard for them. It's pretty interesting to see the variety of signature, key algorithms, key lengths, etc..

It's fun to see how dominant Let's Encrypt is, over 50% of the domains in the open pagerank list I used have a Let's Encrypt certificate.

OCSP Must-Staple is very rarely used. It's an already niche security feature with possible downsides for service reliability, which I guess makes it not very popular.

Also surprised how high the average SAN entry count is per certificate. The vast majority of certificates are only valid for one or two domains, but a fraction of certificates have a ton of domains and that pulls the average up.