{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T15:53:19Z","timestamp":1763740399430,"version":"3.45.0"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","funder":[{"name":"NSF (National Science Foundation)","award":["CNS-2154962; CNS-2319421; CNS-1925001"],"award-info":[{"award-number":["CNS-2154962; CNS-2319421; CNS-1925001"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,10,28]]},"DOI":"10.1145\/3730567.3764503","type":"proceedings-article","created":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T15:22:38Z","timestamp":1763738558000},"page":"909-918","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Inside Certificate Chains Beyond Public Issuers: Structure and Usage Analysis from a Campus Network"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7846-2649","authenticated-orcid":false,"given":"Hongying","family":"Dong","sequence":"first","affiliation":[{"name":"University of Virginia, Charlottesville, Virginia, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-3938-8838","authenticated-orcid":false,"given":"Yizhe","family":"Zhang","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, Virginia, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0361-6532","authenticated-orcid":false,"given":"Hyeonmin","family":"Lee","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, Virginia, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6650-4373","authenticated-orcid":false,"given":"Yixin","family":"Sun","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, Virginia, 
USA"}]}],"member":"320","published-online":{"date-parts":[[2025,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Artifact for ''Inside Certificate Chains Beyond Public Issuers:Structure and Usage Analysis from a Campus Network''. https:\/\/github.com\/yzzhn\/certchainvalidator (accessed","year":"2025","unstructured":"2025. Artifact for ''Inside Certificate Chains Beyond Public Issuers:Structure and Usage Analysis from a Campus Network''. https:\/\/github.com\/yzzhn\/certchainvalidator (accessed Sep 30, 2025)."},{"key":"e_1_3_2_1_2_1","volume-title":"an open source platform for X.509 certificate based service authentication and fine-grained access control in dynamic infrastructures. https:\/\/github.com\/AthenZ\/athenz (accessed","year":"2025","unstructured":"2025. Athenz, an open source platform for X.509 certificate based service authentication and fine-grained access control in dynamic infrastructures. https:\/\/github.com\/AthenZ\/athenz (accessed Jun 16, 2025)."},{"key":"e_1_3_2_1_3_1","volume-title":"FortiGate open ports. https:\/\/docs.fortinet.com\/document\/fortiga te\/6.4.0\/ports-and-protocols\/303168\/fortigate-open-ports(accessed","year":"2025","unstructured":"2025. Fortinet, FortiGate open ports. https:\/\/docs.fortinet.com\/document\/fortiga te\/6.4.0\/ports-and-protocols\/303168\/fortigate-open-ports(accessed Jun 16, 2025)."},{"key":"e_1_3_2_1_4_1","volume-title":"ssl-tls-deep-inspection. https:\/\/docs.fortinet.com\/document\/forti gate\/7.6.0\/best-practices\/598577\/ssl-tls-deep-inspection)accessed","year":"2025","unstructured":"2025. Fortinet, ssl-tls-deep-inspection. https:\/\/docs.fortinet.com\/document\/forti gate\/7.6.0\/best-practices\/598577\/ssl-tls-deep-inspection)accessed Jun 16, 2025)."},{"key":"e_1_3_2_1_5_1","volume-title":"CN=Fake LE Intermediate X1. https:\/\/community.le tsencrypt.org\/t\/cn-fake-le-intermediate-x1\/13437 (accessed","year":"2025","unstructured":"2025. Let's Encrypt Forum, CN=Fake LE Intermediate X1. 
https:\/\/community.le tsencrypt.org\/t\/cn-fake-le-intermediate-x1\/13437 (accessed Jun 16, 2025)."},{"key":"e_1_3_2_1_6_1","volume-title":"Let's Encrypt Stats. https:\/\/letsencrypt.org\/stats\/)(accessed","year":"2025","unstructured":"2025. Let's Encrypt Stats. https:\/\/letsencrypt.org\/stats\/)(accessed Jun 16, 2025)."},{"key":"e_1_3_2_1_7_1","volume-title":"Welcome to pyca\/cryptography. https:\/\/cryptography.io\/en\/latest\/ (accessed","year":"2025","unstructured":"2025. Welcome to pyca\/cryptography. https:\/\/cryptography.io\/en\/latest\/ (accessed Jun 16, 2025)."},{"key":"e_1_3_2_1_8_1","volume-title":"Dynamic protocol detection (DPD). https:\/\/docs.zeek.org\/en\/master\/logs\/dpd.html (accessed","year":"2025","unstructured":"2025. Zeek, Dynamic protocol detection (DPD). https:\/\/docs.zeek.org\/en\/master\/logs\/dpd.html (accessed Jun 16, 2025)."},{"key":"e_1_3_2_1_9_1","volume-title":"Available trusted root certificates for Apple operating systems. https:\/\/support.apple.com\/en-us\/103272 (accessed","year":"2024","unstructured":"Apple. 2024. Available trusted root certificates for Apple operating systems. https:\/\/support.apple.com\/en-us\/103272 (accessed Oct 29, 2024)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","unstructured":"Sharon Boeyen Stefan Santesson Tim Polk Russ Housley Stephen Farrell and David Cooper. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280. https:\/\/doi.org\/10.17487\/RFC5280","DOI":"10.17487\/RFC5280"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-98785-5_3"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-56252-5_14"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987454"},{"key":"e_1_3_2_1_14_1","volume-title":"Certificate Transparency Logs. https:\/\/crt.sh\/ (accessed","year":"2024","unstructured":"crt.sh. 2015. Certificate Transparency Logs. 
https:\/\/crt.sh\/ (accessed Oct 29, 2024)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.23919\/IFIPNetworking62109.2024.10619717"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3646547.3688415"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_1_18_1","volume-title":"Exploring the Evolution of TLS Certificates. In International Conference on Passive and Active Network Measurement. Springer, 71--84","author":"Farhan Syed Muhammad","year":"2023","unstructured":"Syed Muhammad Farhan and Taejoong Chung. 2023. Exploring the Evolution of TLS Certificates. In International Conference on Passive and Active Network Measurement. Springer, 71--84."},{"key":"e_1_3_2_1_19_1","volume-title":"Common CA Database. https:\/\/www.ccadb.org\/ (accessed","author":"Foundation The Linux","year":"2024","unstructured":"The Linux Foundation. 2024. Common CA Database. https:\/\/www.ccadb.org\/ (accessed Oct 29, 2024)."},{"key":"e_1_3_2_1_20_1","volume-title":"Certificate Transparency in Chrome. https:\/\/googlechrome.githu b.io\/CertificateTransparency\/ (accessed","year":"2024","unstructured":"Google. [n.d.]. Certificate Transparency in Chrome. https:\/\/googlechrome.githu b.io\/CertificateTransparency\/ (accessed Nov 20, 2024)."},{"key":"e_1_3_2_1_21_1","volume-title":"Longitudinal Analysis of Wildcard Certificates in the WebPKI. In 2023 IFIP Networking Conference (IFIP Networking). IEEE, 1--9.","author":"Hasselquist David","year":"2023","unstructured":"David Hasselquist, Ludvig Bolin, Emil Carlsson, Adam Hylander, Martin Larsson, Erik Voldstad, and Niklas Carlsson. 2023. Longitudinal Analysis of Wildcard Certificates in the WebPKI. In 2023 IFIP Networking Conference (IFIP Networking). 
IEEE, 1--9."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423345"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068856"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00015"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","unstructured":"Ben Laurie Eran Messeri and Rob Stradling. 2021. Certificate Transparency Version 2.0. RFC 9162. https:\/\/doi.org\/10.17487\/RFC9162","DOI":"10.17487\/RFC9162"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815685"},{"key":"e_1_3_2_1_27_1","volume-title":"Release notes - Microsoft Trusted Root Certificate Program. https:\/\/learn.microsoft.com\/en-us\/security\/trusted-root\/release-notes (accessed","year":"2024","unstructured":"Microsoft. 2024. Release notes - Microsoft Trusted Root Certificate Program. https:\/\/learn.microsoft.com\/en-us\/security\/trusted-root\/release-notes (accessed Oct 29, 2024)."},{"key":"e_1_3_2_1_28_1","volume-title":"Mozilla's CA Certificate Program. https:\/\/wiki.mozilla.org\/CA (accessed","author":"Wiki Mozilla","year":"2024","unstructured":"Mozilla Wiki. 2024. Mozilla's CA Certificate Program. https:\/\/wiki.mozilla.org\/CA (accessed Oct 29, 2024)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3437359.3465586"},{"key":"e_1_3_2_1_30_1","volume-title":"OpenSSL: Cryptography and SSL\/TLS Toolkit. https:\/\/www.openssl.org\/ (accessed","author":"SSL.","year":"2024","unstructured":"OpenSSL. 2024. OpenSSL: Cryptography and SSL\/TLS Toolkit. https:\/\/www.openssl.org\/ (accessed Nov 20, 2024)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","unstructured":"Eric Rescorla and Tim Dierks. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246. https:\/\/doi.org\/10.17487\/RFC5246","DOI":"10.17487\/RFC5246"},{"key":"e_1_3_2_1_32_1","volume-title":"Sectigo Chain Hierarchy and Intermediate Roots. 
https:\/\/support.sectigo.com\/articles\/Knowledge\/Sectigo-Chain-Hierarchy-and-Intermediate-Roots (accessed","year":"2024","unstructured":"Sectigo. [n.d.]. Sectigo Chain Hierarchy and Intermediate Roots. https:\/\/support.sectigo.com\/articles\/Knowledge\/Sectigo-Chain-Hierarchy-and-Intermediate-Roots (accessed Nov 18, 2024)."},{"key":"e_1_3_2_1_33_1","volume-title":"An Open Source Network Security Monitoring Tool. https:\/\/zeek.org\/ (accessed","year":"2024","unstructured":"Zeek. 2023. An Open Source Network Security Monitoring Tool. https:\/\/zeek.org\/ (accessed Oct 29, 2024)."}],"event":{"name":"IMC '25:ACM Internet Measurement Conference","location":"Madison WI USA","sponsor":["SIGMETRICS ACM Special Interest Group on Measurement and Evaluation","SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 2025 ACM Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3730567.3764503","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T15:25:47Z","timestamp":1763738747000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3730567.3764503"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,28]]},"references-count":33,"alternative-id":["10.1145\/3730567.3764503","10.1145\/3730567"],"URL":"https:\/\/doi.org\/10.1145\/3730567.3764503","relation":{},"subject":[],"published":{"date-parts":[[2025,10,28]]},"assertion":[{"value":"2025-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}