Quantitative analysis of TLS certificate validity on the Internet

The aim of this work is to design and create a tool to collect a large number of used digital certificates from the Internet, while also providing an interface for their management and enabling their quantitative analysis for Internet security research. The thesis first analyzes the requirements and existing projects with a similar goal and then designs its own solution. The output is a modular tool called Cevast, which allows you to collect real digital certificates from the Internet, manage them on a local storage and analyze them using a wide range of functions, in the context of this thesis especially validation using existing implementations of SSL/TLS protocols. Part of the thesis is also a presentation of the functionality of the tool by performing an analysis on a sample of certificates and its evaluation.


Faculty of Informatics

Date of Completion

spring 2020



Martin Ukrop


Radim Podola