Automated analysis of SSL/TLS certificates and network communication security in compliance with the Cybersecurity Act

Antun Matija Filipović

Croatian Academic and Research Network – CARNET

Vladimir Bralić

University of Applied Sciences Velika Gorica

Silvija Tripalo

PhD Student, Deák Ferenc Doctoral School of Law, University of Miskolc, Hungary, Junior Researcher, Central European Academy, Budapest, Hungary

Keywords: SSL/TLS certificates, network security, automation, Cybersecurity Act, compliance


Abstract

Network communication security is a fundamental aspect of protecting information and communication systems, with SSL/TLS certificates playing a crucial role in ensuring the confidentiality and integrity of data on the internet. However, inadequate implementation, the use of outdated protocols, and expired certificates pose significant security threats. This paper explores the possibilities of automated analysis of SSL/TLS certificates to detect security weaknesses, including the use of insecure encryption algorithms, untrusted certificate authorities, and vulnerable protocols. From a technical perspective, the paper presents a Python-based tool that enables rapid and systematic identification of encryption-related issues. From a legal standpoint, the study examines the obligations of organizations under the Cybersecurity Act, the NIS2 Directive, and the GDPR, which require the implementation of technical and organizational measures to safeguard network and information systems. Special emphasis is placed on the legal consequences of insecure encryption, including regulatory sanctions and organizational liability in cases of security breaches. The goal of this paper is to investigate how automated SSL/TLS certificate analysis can assist organizations in meeting legal requirements and improving network communication security.
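The checks named in the abstract (expired certificates, outdated protocols, insecure algorithms, untrusted issuers) can be sketched with Python's standard `ssl` module. This is an added example, not the tool presented in the paper; the function names, finding codes, 30-day warning window and sample certificates are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5")  # OpenSSL name fragments


def fetch_tls_facts(host, port=443, timeout=5.0):
    """Handshake with a host and return (cert dict, protocol, cipher name).

    The default context validates chain and hostname, so a certificate from
    an untrusted CA raises ssl.SSLCertVerificationError here.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(), tls.version(), tls.cipher()[0]


def audit_tls(cert, protocol, cipher_name, now, warn_days=30):
    """Return finding codes (hypothetical names) for one endpoint."""
    findings = []
    expiry = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expiry - now).days
    if days_left < 0:
        findings.append("expired_certificate")
    elif days_left < warn_days:
        findings.append("expiring_soon")
    if cert.get("issuer") == cert.get("subject"):
        findings.append("self_signed")  # heuristic only, not a chain check
    if protocol in DEPRECATED_PROTOCOLS:
        findings.append("deprecated_protocol")
    if any(m in cipher_name.upper() for m in WEAK_CIPHER_MARKERS):
        findings.append("weak_cipher")
    return findings


# Constructed sample input, shaped like ssl.SSLSocket.getpeercert() output.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)
LEGACY_CERT = {"subject": ((("commonName", "legacy.example.test"),),),
               "issuer": ((("commonName", "legacy.example.test"),),),
               "notAfter": "Jan 15 12:00:00 2024 GMT"}
GOOD_CERT = {"subject": ((("commonName", "www.example.test"),),),
             "issuer": ((("commonName", "Example Test CA"),),),
             "notAfter": "Dec 31 23:59:59 2024 GMT"}
```

Because `ssl.create_default_context()` refuses untrusted chains and deprecated protocol versions, a scanner built on `fetch_tls_facts` should record a failed handshake as a finding in its own right rather than skipping the host.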