Certificate transparency (CT) monitoring for Let's Encrypt certificates

Continuing the discussion from Add certificate transparency monitoring service to Let's Encrypt:

The original discussion happened before we decided to look into exactly the same thing. I don’t see this as a function of Let’s Encrypt as a CA and it is likely to remain in the hands of administrators. What we can do is to make this really easy.

We have just launched KeyChest - https://keychest.net (It is free)

KeyChest already uses CT logs extensively, but if you’re after particular security checks, please comment here! We’ll see how to include them in headlines or other visible warnings.

One of the members of this forum, @sahsanu, wrote a script which may give you some more ideas.



@sahsanu I really like it - a pretty cool job of maximizing info value in terminal! The things we don’t have are:

  • filter my domain
  • show number of certificates you can request now

We do have information from CT and from actual servers (TLS handshake) - would comparing those and figuring out “likely” rogue certs make sense? The logic for that is not trivial but doable.
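
One way the CT-versus-handshake comparison raised in the last post could be sketched, as an added example that is not from this thread or from KeyChest: it flags unexpired certificates found in CT that no monitored server presents, while ignoring routine renewal overlap. The record layout, the `grace` period, the issuer allow-list and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class CtCert:                # hypothetical record built from a CT log entry
    fp: str                  # fingerprint of the logged certificate
    names: frozenset         # DNS names from the SAN extension
    issuer: str
    not_before: datetime
    not_after: datetime

def likely_rogue(ct_certs, served_fps, expected_issuers, now, grace=timedelta(days=3)):
    """Return [(fingerprint, reasons)] for unexpired CT certs that no server presents."""
    served = [c for c in ct_certs if c.fp in served_fps]
    findings = []
    for c in ct_certs:
        if c.fp in served_fps or c.not_after <= now:
            continue  # seen in a TLS handshake, or already expired
        reasons = []
        if c.issuer not in expected_issuers:
            reasons.append("unexpected issuer")
        # Routine renewal overlap: a served cert issued no earlier covers every name.
        # (Exact name comparison only; wildcard matching is left out for brevity.)
        superseded = any(s.not_before >= c.not_before and c.names <= s.names
                         for s in served)
        # Allow some time between issuance and deployment before flagging.
        if not superseded and now - c.not_before > grace:
            reasons.append("never seen on a server")
        if reasons:
            findings.append((c.fp, reasons))
    return findings

def d(s):
    return datetime.strptime(s, "%Y-%m-%d")

# Constructed sample data; fingerprints and names are not real certificates.
LE = "Let's Encrypt Authority X3"
SAMPLE_CT = [
    CtCert("aa01", frozenset({"example.test", "www.example.test"}), LE, d("2018-02-01"), d("2018-05-02")),
    CtCert("bb02", frozenset({"example.test", "www.example.test"}), LE, d("2017-12-05"), d("2018-03-05")),
    CtCert("cc03", frozenset({"login.example.test"}), "Example Other CA", d("2018-02-10"), d("2018-05-11")),
    CtCert("dd04", frozenset({"api.example.test"}), LE, d("2018-02-28"), d("2018-05-29")),
    CtCert("ee05", frozenset({"example.test"}), "Example Other CA", d("2017-10-01"), d("2017-12-30")),
]
SAMPLE_SERVED = {"aa01"}     # fingerprints observed in TLS handshakes

def demo():
    return likely_rogue(SAMPLE_CT, SAMPLE_SERVED, {LE}, now=d("2018-03-01"))

if __name__ == "__main__":
    for fp, reasons in demo():
        print(fp, ", ".join(reasons))
```

A flagged certificate is a candidate for review, not proof of misissuance: it may be deployed on a host or port the scanner does not reach.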
