2025: Crisis Management Days Book of Abstracts
Security and protection (national security, corporate and information security, disaster risk reduction)

Automated analysis of SSL/TLS certificates and network communication security in compliance with the Cybersecurity act

Antun Matija Filipović
Croatian Academic and Research Network – CARNET
Vladimir Bralić
University of Applied Sciences Velika Gorica
Silvija Tripalo
Central European Academy - CEA

Published 2025-05-16

Keywords

  • SSL/TLS certificates,
  • network security,
  • automation,
  • Cybersecurity Act,
  • compliance

How to Cite

Filipović, A. M., Bralić, V., & Tripalo, S. (2025). Automated analysis of SSL/TLS certificates and network communication security in compliance with the Cybersecurity act. Crisis Management Days. Retrieved from https://ojs.vvg.hr/index.php/DKU/article/view/690

Abstract

Network communication security is a fundamental aspect of protecting information and communication systems, with SSL/TLS certificates playing a crucial role in ensuring the confidentiality and integrity of data on the internet. However, inadequate implementation, the use of outdated protocols, and expired certificates pose significant security threats. This paper explores the possibilities of automated analysis of SSL/TLS certificates to detect security weaknesses, including the use of insecure encryption algorithms, untrusted certificate authorities, and vulnerable protocols. From a technical perspective, the paper presents a Python-based tool that enables rapid and systematic identification of encryption-related issues. From a legal standpoint, the study examines the obligations of organizations under the Cybersecurity Act, the NIS2 Directive, and the GDPR, which require the implementation of technical and organizational measures to safeguard network and information systems. Special emphasis is placed on the legal consequences of insecure encryption, including regulatory sanctions and organizational liability in cases of security breaches. The goal of this paper is to investigate how automated SSL/TLS certificate analysis can assist organizations in meeting legal requirements and improving network communication security.
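The weakness classes the abstract lists (expired certificates, outdated protocols, insecure encryption algorithms, untrusted certificate authorities) can be checked mechanically once handshake data has been collected. The sketch below is an added example, not the authors' tool: the record layout, the `verify_error` field, the finding codes and the 30-day warning threshold are assumptions, and the sample records are constructed.

```python
import ssl
from datetime import datetime, timezone

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5")     # matched on OpenSSL names
EXPIRY_WARNING_DAYS = 30                                       # assumed threshold

def audit_tls(record, now):
    """Return sorted finding codes for one handshake record.

    Fields mirror SSLSocket.version(), .cipher() and .getpeercert();
    'verify_error' (hypothetical) holds a chain-validation failure message.
    """
    findings = set()
    if record["version"] in DEPRECATED_PROTOCOLS:
        findings.add("deprecated-protocol")
    name, _proto, bits = record["cipher"]
    if bits < 128 or any(m in name.upper() for m in WEAK_CIPHER_MARKERS):
        findings.add("weak-cipher")
    if record.get("verify_error"):
        findings.add("untrusted-chain")
    cert = record.get("cert") or {}
    if cert:
        ts = now.timestamp()
        not_before = ssl.cert_time_to_seconds(cert["notBefore"])
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
        if ts < not_before:
            findings.add("not-yet-valid")
        if ts > not_after:
            findings.add("expired")
        elif not_after - ts < EXPIRY_WARNING_DAYS * 86400:
            findings.add("expires-soon")
        if cert.get("issuer") and cert["issuer"] == cert.get("subject"):
            findings.add("self-signed")
    return sorted(findings)

def _dn(cn):  # distinguished name in getpeercert() tuple form
    return ((("commonName", cn),),)

NOW = datetime(2025, 5, 16, tzinfo=timezone.utc)
SAMPLES = {  # constructed records, not captured from real hosts
    "good": {"version": "TLSv1.3", "cipher": ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256),
             "cert": {"subject": _dn("www.example.org"), "issuer": _dn("Example CA"),
                      "notBefore": "Mar  1 00:00:00 2025 GMT", "notAfter": "Mar  1 00:00:00 2026 GMT"}},
    "legacy": {"version": "TLSv1", "cipher": ("DES-CBC3-SHA", "TLSv1", 112),
               "verify_error": "self-signed certificate",
               "cert": {"subject": _dn("old.example.org"), "issuer": _dn("old.example.org"),
                        "notBefore": "Jan 10 12:00:00 2023 GMT", "notAfter": "Jan 10 12:00:00 2025 GMT"}},
    "expiring": {"version": "TLSv1.2", "cipher": ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),
                 "cert": {"subject": _dn("app.example.org"), "issuer": _dn("Example CA"),
                          "notBefore": "Jun  1 00:00:00 2024 GMT", "notAfter": "Jun  1 00:00:00 2025 GMT"}},
}
```

Findings of this kind can be exported per host as evidence of the technical measures the legal part of the abstract refers to.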