I dont Recognize the issuance of this certificate and someone has used this certificate to access my website

Someone has used a fake SSL certificate to gain acces into my Account please help how I can get help the certificate to be revoked

What do you mean by fake SSL certificate? Are you referring to mTLS client certificate?

Share email where I can share the information of the ssl certificate that was used before to break access into my website

You aren’t making a lot of sense. How was an SSL certificate used to access your site?

I received this email from Cloudflare then all of a sudden my website was hacked. Yet I don’t recognize this issuence.

Here is the email I received. After a short period of time my whole website was hacked and I was not able to access my admin.Kindly revoke this certificate if it is still active on my domain name.

Hello,

Cloudflare has observed issuance of the following certificate for (my domain) or one of its subdomains:

Log date: 2023-02-08 16:45:45 UTC
Issuer: CN=GTS CA 2A1,O=Google Trust Services LLC,C=US
Validity: 2023-02-08 15:45:44 UTC - 2023-03-25 15:45:43 UTC
DNS Names: (my domain names)

Kinldy review those records on my domain and revoke that certificate

Is this a new domain, or is this the first time a certificate has been issued for this domain? (You can search crt.sh for your domain to see all certificates issued for the domain)

CT logs are a common way for attackers to find vulnerable applications, as the host names in question may be in the process of being configured and not entirely secure yet.

I cannot think of a practical attack against most websites that can be achieved using a SSL without significant additional resources being required. The “all of a sudden” is just a coincidence, not cause and effect.

You need to restore your origin server and secure it appropriately. (Even if somebody has compromised Cloudflares certificate management process you have to do this.)

3 Likes

Something to add is that Cloudflare uses Google Trust Services to generate Universal Certificates for your domain, and they renew every ~90 days.so you would get those emails around that time. You can find your universal certificates here: https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates

I am not a Cloudflare employee

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.