Public certificate management revisited : A summary of policy changes over a two-year period (2021-2023)

Sammanfattning: The purpose of this study was to investigate how the Digital Certificate managementactors of the Public Key Infrastructure of the Internet have changed over the past two years(2021-2023). A set of one million registered top domains were queried with the intention ofmapping out their certificates. This thesis presents a frequency analysis of issuing Certifi-cate Authorities of the top one million domains and presents a concise table showing whichthe most popular Certificate Authorities are, as well as how the popularity has shifted overthe past two years. This thesis also presents tables of how well a select few major CertificateAuthorities follow the stipulated Baseline Requirements issued for the purpose of settingguidelines in handling certificates. Our findings suggest that the major Certificate Author-ities have highly increased their compliance with the requirements over the time period.The Baseline Requirements have stipulated a few new guidelines, none of which relate tothe fields of issuance, revocation and expiration. All the major Certificate Authorities haveadded more support than they have retracted and so it is clear to see that they respect theBaseline Requirements and work toward implementing them.