The Internet's current security landscape remains fundamentally compromised by inherent protocol vulnerabilities. Existing security solutions have been narrowly focused, addressing isolated protocols or specific attack vectors without developing a comprehensive security framework. Our proposed certificate-centric security oracle represents a paradigm shift, offering universal security services that enable protocols to robustly attest their identities and authentically validate their communications. The security oracle operates in a cross-layer fashion so that any protocol (in any layer) that wishes to use such services can be extended individually with minor efforts (say, adding a few fields to carry a certificate or a signature). We also present a few case studies illustrating how existing protocols can be extended to use the services of the security oracle. Prototype-based experiments are carried out for ICMP and DHCP to demonstrate the practical feasibility of the proposed framework.