Home News NSA Releases Guidelines to Secure Wildcard TLS Certificates

NSA Releases Guidelines to Secure Wildcard TLS Certificates

The NSA warned that cybercriminals could exploit vulnerabilities in ALPACA to break into corporate networks and obtain sensitive information.

professional certifications, certificates, PKI, PKI Automation

The National Security Agency (NSA) in the U.S. is alerting government and public organizations about the risks associated with the use of wildcard Transport Layer Security (TLS) certificates that is resulting in the exploitation of Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA). The NSA warned that cybercriminals could exploit vulnerabilities in ALPACA to break into corporate networks and obtain sensitive information.

What is a Wildcard TLS Certificate?

A wildcard TLS certificate or digital certificate is used to authenticate multiple servers. A TLS certificate allows security admins to use a single wildcard to protect the number of subdomains online. Threat actors often try to misuse wildcard TLS certificates, exploit unsecured servers, and decrypt TLS-encrypted traffic.


ALPACA is a new kind of web application attack that prevents wildcard certificates to verify server identities during the TLS handshake. Attackers leverage the ALPACA technique to exploit hardened web applications via non-Hypertext Transfer Protocol (HTTP) services secured using the same or a similar TLS certificate.

The NSA has released a Cybersecurity Information (CSI) sheet with guidance to help secure the Department of Defense (DoD), National Security Systems (NSS), and Defense Industrial Base (DIB) organizations from poorly implemented wildcard TLS certificates and ALPACA attacks.

According to NSA, the realistic exploitation scenario in an ALPACA attack requires:

  • A target web application that uses TLS
  • Another service/application (typically not a web server) that presents a valid TLS certificate with a subject name that would be valid for the targeted web app, such as when wildcard certificates are too broadly scoped
  • A means for the malicious actor to redirect victim network traffic intended for the target web app to the second service (likely achieved through Domain Name System (DNS) poisoning or a man-in-the-middle compromise)
  • An HTTP request that is accepted by the second service that results in at least part of the request being reflected in the sender

Mitigating ALPACA Attacks

The NSA also recommended certain security measures to defend against ALPACA threats. These include:

  • Understanding the scope of each wildcard certificate used for the organization
  • Identifying all locations where the wildcard certificate’s private key is stored and ensure that the security posture for that location is commensurate with the requirements for all applications within the certificate’s scope.
  • Using an application gateway or Web Application Firewall (WAF) in front of servers, including non-HTTP servers.
  • Using encrypted DNS and validate DNS Security Extensions (DNSSEC) to prevent DNS redirection.
  • Enabling Application-Layer Protocol Negotiation (ALPN) to specify permitted protocols
  • Maintaining web browsers at the latest version with current updates

“By avoiding or responsibly using wildcard certificates, organizations can harden network identities against malicious actors using masquerade techniques. Additionally, ALPACA mitigations block known protocol confusion exploits and strengthen network posture against potential future issues. Administrators should always seek to apply defense-in-depth approaches that apply to classes of risks/threats in order to counter malicious threat actors,” the NSA said.