{"id":3900,"date":"2025-09-05T10:29:23","date_gmt":"2025-09-05T10:29:23","guid":{"rendered":"https:\/\/certera.com\/blog\/?p=3900"},"modified":"2025-09-05T10:29:24","modified_gmt":"2025-09-05T10:29:24","slug":"tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic","status":"publish","type":"post","link":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/","title":{"rendered":"TLS Certificate Slip-Up on 1.1.1.1: How Hackers Could Have Read Your DNS Traffic?"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">When you type a website into your browser, you assume your connection is private. That no one\u2019s peeking over your shoulder. That\u2019s the entire promise of <a href=\"https:\/\/certera.com\/cheap-ssl-certificates\">TLS certificates<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But what happens when that promise is broken? That\u2019s exactly what went down with <strong>Cloudflare\u2019s 1.1.1.1 DNS service,<\/strong> one of the most trusted DNS resolvers on the planet. Unauthorised TLS certificates were issued for it. And yes, that\u2019s as bad as it sounds.<\/p>\n\n\n\n<p class=\"quote-section wp-block-paragraph\">Between <strong>February 2024 and August 2025<\/strong>, a Croatian certificate authority called Fina CA issued twelve unauthorised rogue TLS certificates for Cloudflare\u2019s 1.1.1.1 resolver. Cloudflare never requested them. They weren\u2019t authorised.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These rogue certificates meant attackers could have impersonated 1.1.1.1, intercepted encrypted DNS queries, and decrypted users\u2019 browsing activity.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Yet, for over a year, these fake certificates existed fully trusted by Microsoft\u2019s root certificate store. <strong>That means if you were using Windows or Microsoft Edge, an attacker could have:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Impersonated 1.1.1.1<\/li>\n\n\n\n<li>Intercepted your DNS queries<\/li>\n\n\n\n<li>Decrypted what you thought was private browsing traffic<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">1.1.1.1 is supposed to be one of the most secure, privacy-first DNS services. Millions of people use it precisely because they want to keep their traffic away from snooping eyes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-tls-certificates-are-the-internet-s-proof-of-identity\">Why TLS Certificates Are the Internet\u2019s \u201cProof of Identity\u201d<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When you visit a website, say, https:\/\/bank.com, your browser doesn\u2019t just trust it blindly. It asks for proof of a TLS certificate.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>That certificate is like an official passport. It says:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u201cYes, I really am bank.com.\u201d<\/li>\n\n\n\n<li>\u201cYes, your data will be encrypted.\u201d<\/li>\n\n\n\n<li>\u201cYes, you can trust me.\u201d<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Who issues these passports? <a href=\"https:\/\/certera.com\/blog\/what-is-a-ca-certificate-authority-role-pki-trust-hierarchies\/\">Certificate Authorities (CAs)<\/a>. If even one CA goes rogue or makes a mistake, attackers can impersonate any site. This isn\u2019t theory. It\u2019s happened before.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-1-1-1-1-is-so-important\">Why 1.1.1.1 Is So Important?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">If you don\u2019t know, 1.1.1.1 is Cloudflare\u2019s public DNS resolver, built in partnership with APNIC. Millions of people use it every single day because it\u2019s fast, private, and secure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">DNS is the phonebook of the Internet. Every time you visit Google, YouTube, or your bank, your device asks a DNS resolver to translate the name into an IP address. That is happening on one of the world\u2019s most popular resolvers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>If that lookup is compromised, attackers can:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Steal your browsing history<\/li>\n\n\n\n<li>Redirect you to fake websites<\/li>\n\n\n\n<li>Insert malicious code into your traffic<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Also Read:<\/strong> <a href=\"https:\/\/certera.com\/blog\/decoy-dog-malware-toolkit-uncovered\/\">Decoy Dog Malware Toolkit uncovered after analyzing\u00a070 billion DNS Requests<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-who-was-at-risk\">Who Was at Risk?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Here is where it becomes interesting. Microsoft had trust in the Fina CA certificates in its root store. That is to say that Windows and Microsoft Edge users were in the danger zone.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But Chrome, Firefox and Safari? Safe. Why? The reason is that they never trusted Fina to begin with.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-cloudflare-responded\">How Cloudflare Responded?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">And to their credit, Cloudflare acted very quickly after this was published on September 3, 2025.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>They:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Researched the extent of the problem.<\/li>\n\n\n\n<li>The rogue certificates were confirmed revoked.<\/li>\n\n\n\n<li>Contacted Microsoft, Fina, and EU regulators<\/li>\n\n\n\n<li>Reassured users that their WARP VPN was unaffected<\/li>\n\n\n\n<li>They indeed ought to have noticed it earlier.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Nevertheless, Cloudflare also confessed something most companies would not:<\/strong> they have failed to monitor their own certificate transparency warnings.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-businesses-and-users-should-do-next\">What Businesses and Users Should Do Next?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When something like this happens, people immediately ask What should I do? The answer depends on who you are.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re running <strong>IT for a company<\/strong>, the biggest mistake is assuming the defaults are enough. Don\u2019t just trust whatever your operating system trusts. Audit your certificate authorities. Run your own monitoring with Certificate Transparency logs, crt.sh, and Google\u2019s CertSpotter exist for a reason.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">TLS isn\u2019t the whole story. Add layers, like DNSSEC and active monitoring, because no single defence is perfect.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>If you\u2019re a developer<\/strong> or <strong>service owner<\/strong>, think of it as part of your job to automate paranoia. Don\u2019t rely on manual checks; <span style=\"box-sizing: border-box; margin: 0px; padding: 0px;\">wire<\/span> <a href=\"https:\/\/certera.com\/blog\/what-is-ssl-certificate-monitoring-explained\/\">certificate monitoring<\/a> into your CI\/CD. Expect revocations to happen and make sure your systems respect them. And don\u2019t put all your trust in one CA&#8217;s redundancy isn\u2019t overkill, it\u2019s survival.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you are a <strong>simple user<\/strong>, the recommendation is not more complex and no less significant. Always update your OS, since the <a href=\"https:\/\/certera.com\/blog\/what-is-a-certificate-revocation-list-crl-explained\/\">revocation lists<\/a> can be effective only when your system is aware of their existence. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Use browsers such as Chrome or Firefox that have a tendency to be more critical of CAs. And when your browser has an option to enable <a href=\"https:\/\/certera.com\/blog\/difference-between-dns-over-tls-and-dns-over-https\/\">DNS over HTTPS,<\/a> enable it. It is even more difficult to have someone in the middle view or interfere with your traffic.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The Cloudflare 1.1.1.1 incident is a reminder that trust on the internet is fragile. A single mistake by one certificate authority was enough to put millions of users at risk for more than a year. The lesson is simple. Don\u2019t assume someone else is watching your back. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Whether you\u2019re a business protecting customers or a user safeguarding your privacy, certificate transparency, layered defences, and proactive monitoring aren\u2019t optional; they\u2019re survival.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you <strong>want expert guidance<\/strong> on securing your infrastructure against threats like this, <strong><a href=\"https:\/\/certera.com\/\">contact us for cybersecurity services and consulting<\/a>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When you type a website into your browser, you assume your connection is private. That no one\u2019s peeking over your shoulder. That\u2019s the entire promise of TLS certificates. But what happens when that promise is broken? That\u2019s exactly what went down with Cloudflare\u2019s 1.1.1.1 DNS service, one of the most trusted DNS resolvers on the<span class=\"morelink d-block mt-3\"><a href=\"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":3902,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,5],"tags":[755,756],"class_list":["post-3900","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-encryption","category-ssl-certificate","tag-mis-issued-tls-certificates","tag-mis-issued-tls-certificates-for-1-1-1-1-dns-server","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.6 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>TLS Certificate Mis-Issuance on 1.1.1.1: A Hidden Backdoor for Attackers<\/title>\n<meta name=\"description\" content=\"Security researchers revealed that they addressed few unauthorized issuance of multiple TLS certificates for 1.1.1.1 without Cloudflare&#039;s involvement.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TLS Certificate Slip-Up on 1.1.1.1: How Hackers Could Have Read Your DNS Traffic?\" \/>\n<meta property=\"og:description\" content=\"Security researchers revealed that they addressed few unauthorized issuance of multiple TLS certificates for 1.1.1.1 without Cloudflare&#039;s involvement.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/\" \/>\n<meta property=\"og:site_name\" content=\"EncryptedFence by Certera - Web &amp; Cyber Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/certeraLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-05T10:29:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-05T10:29:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/09\/misissued-tls-certs-for-dns-service.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"620\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:site\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/\"},\"author\":{\"name\":\"Janki Mehta\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\"},\"headline\":\"TLS Certificate Slip-Up on 1.1.1.1: How Hackers Could Have Read Your DNS Traffic?\",\"datePublished\":\"2025-09-05T10:29:23+00:00\",\"dateModified\":\"2025-09-05T10:29:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/\"},\"wordCount\":866,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/misissued-tls-certs-for-dns-service.webp\",\"keywords\":[\"Mis-issued TLS Certificates\",\"Mis-issued TLS Certificates for 1.1.1.1 DNS Server\"],\"articleSection\":[\"Encryption\",\"SSL Certificate\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/#respond\"]}],\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/\",\"name\":\"TLS Certificate Mis-Issuance on 1.1.1.1: A Hidden Backdoor for Attackers\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/misissued-tls-certs-for-dns-service.webp\",\"datePublished\":\"2025-09-05T10:29:23+00:00\",\"dateModified\":\"2025-09-05T10:29:24+00:00\",\"description\":\"Security researchers revealed that they addressed few unauthorized issuance of multiple TLS certificates for 1.1.1.1 without Cloudflare's involvement.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/#primaryimage\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/misissued-tls-certs-for-dns-service.webp\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/misissued-tls-certs-for-dns-service.webp\",\"width\":960,\"height\":620,\"caption\":\"Mis-issued Certificates for 1.1.1.1 DNS Service\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/certera.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"TLS Certificate Slip-Up on 1.1.1.1: How Hackers Could Have Read Your DNS Traffic?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"name\":\"EncryptedFence by Certera - Web & Cyber Security Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"alternateName\":\"Certera's EncryptedFence Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/certera.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\",\"name\":\"Certera\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"caption\":\"Certera\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/certeraLLC\\\/\",\"https:\\\/\\\/x.com\\\/certera_llc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/certera-llc\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\",\"name\":\"Janki Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"caption\":\"Janki Mehta\"},\"description\":\"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\\\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.\",\"sameAs\":[\"https:\\\/\\\/certerassl.com\\\/\"],\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/author\\\/certerabguser\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"TLS Certificate Mis-Issuance on 1.1.1.1: A Hidden Backdoor for Attackers","description":"Security researchers revealed that they addressed few unauthorized issuance of multiple TLS certificates for 1.1.1.1 without Cloudflare's involvement.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/","og_locale":"en_US","og_type":"article","og_title":"TLS Certificate Slip-Up on 1.1.1.1: How Hackers Could Have Read Your DNS Traffic?","og_description":"Security researchers revealed that they addressed few unauthorized issuance of multiple TLS certificates for 1.1.1.1 without Cloudflare's involvement.","og_url":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/","og_site_name":"EncryptedFence by Certera - Web &amp; Cyber Security Blog","article_publisher":"https:\/\/www.facebook.com\/certeraLLC\/","article_published_time":"2025-09-05T10:29:23+00:00","article_modified_time":"2025-09-05T10:29:24+00:00","og_image":[{"width":960,"height":620,"url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/09\/misissued-tls-certs-for-dns-service.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_creator":"@certera_llc","twitter_site":"@certera_llc","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/#article","isPartOf":{"@id":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/"},"author":{"name":"Janki Mehta","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7"},"headline":"TLS Certificate Slip-Up on 1.1.1.1: How Hackers Could Have Read Your DNS Traffic?","datePublished":"2025-09-05T10:29:23+00:00","dateModified":"2025-09-05T10:29:24+00:00","mainEntityOfPage":{"@id":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/"},"wordCount":866,"commentCount":0,"publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"image":{"@id":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/09\/misissued-tls-certs-for-dns-service.webp","keywords":["Mis-issued TLS Certificates","Mis-issued TLS Certificates for 1.1.1.1 DNS Server"],"articleSection":["Encryption","SSL Certificate"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/certera.com\/blog\/#organization"}},{"@type":"WebPage","@id":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/","url":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/","name":"TLS Certificate Mis-Issuance on 1.1.1.1: A Hidden Backdoor for Attackers","isPartOf":{"@id":"https:\/\/certera.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/#primaryimage"},"image":{"@id":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/09\/misissued-tls-certs-for-dns-service.webp","datePublished":"2025-09-05T10:29:23+00:00","dateModified":"2025-09-05T10:29:24+00:00","description":"Security researchers revealed that they addressed few unauthorized issuance of multiple TLS certificates for 1.1.1.1 without Cloudflare's involvement.","breadcrumb":{"@id":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/#primaryimage","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/09\/misissued-tls-certs-for-dns-service.webp","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/09\/misissued-tls-certs-for-dns-service.webp","width":960,"height":620,"caption":"Mis-issued Certificates for 1.1.1.1 DNS Service"},{"@type":"BreadcrumbList","@id":"https:\/\/certera.com\/blog\/tls-certificate-slip-up-on-1-1-1-1-how-hackers-could-have-read-your-dns-traffic\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/certera.com\/blog\/"},{"@type":"ListItem","position":2,"name":"TLS Certificate Slip-Up on 1.1.1.1: How Hackers Could Have Read Your DNS Traffic?"}]},{"@type":"WebSite","@id":"https:\/\/certera.com\/blog\/#website","url":"https:\/\/certera.com\/blog\/","name":"EncryptedFence by Certera - Web & Cyber Security Blog","description":"","publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"alternateName":"Certera's EncryptedFence Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/certera.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/certera.com\/blog\/#organization","name":"Certera","url":"https:\/\/certera.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","caption":"Certera"},"image":{"@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/certeraLLC\/","https:\/\/x.com\/certera_llc","https:\/\/www.linkedin.com\/company\/certera-llc\/"]},{"@type":"Person","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7","name":"Janki Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","caption":"Janki Mehta"},"description":"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.","sameAs":["https:\/\/certerassl.com\/"],"url":"https:\/\/certera.com\/blog\/author\/certerabguser\/"}]}},"_links":{"self":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3900","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/comments?post=3900"}],"version-history":[{"count":1,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3900\/revisions"}],"predecessor-version":[{"id":3901,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3900\/revisions\/3901"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media\/3902"}],"wp:attachment":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media?parent=3900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/categories?post=3900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/tags?post=3900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}