Certificate Transparency Search Resources

(This post is a wiki, other community members are welcome to edit and improve it. It's quite likely that I've gotten something wrong, or that offerings have changed.)


Certificate Transparency ("CT") is a system to which Certification Authorities (CAs) need to log all publicly trusted certificates. This helps the security community monitor that CAs are following the rules they're supposed to be following, and allows domain name owners (as well as anyone else) to see exactly which certificates have been issued for which domain names.

However, the actual CT log interface is designed more around ensuring that the logs' security guarantees are being met, and can't easily be searched directly for a specific name. Various services exist which "scrape" through and aggregate the raw CT data to make it easier to search. The following table is a collection of existing services that one might find helpful when attempting to look for something in CT logs.

11 Likes

Crt.sh does offer an API. You can connect directly to their PostgreSQL database and run your queries.

6 Likes
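For anyone who wants to do more than eyeball the crt.sh web page, here is an added example (it is not from this thread and not crt.sh's own code) of what a domain owner's CT check over crt.sh results typically looks like: fetch the JSON output for a domain, collapse the precertificate/leaf pairs that share a serial number, and flag certificates from an issuer you don't expect, names outside the monitored domain (which CDN-procured backup certificates can contain, as discussed further down the thread), and expired entries. The record shape (`issuer_name`, `name_value` with newline-separated SANs, `not_after`, `serial_number`, `id`) follows crt.sh's `?output=json` response as I know it; the sample records, issuer names, serials and ids below are constructed for the example, and the expected-issuer list is an assumption you would replace with your own.

```python
import json
from datetime import datetime
from urllib.parse import urlencode
from urllib.request import urlopen

# Constructed sample in the shape of https://crt.sh/?q=<domain>&output=json.
# Every value here is made up for the example; 1001/1002 stand for the
# precertificate and leaf of the same certificate (same issuer and serial).
SAMPLE_CRTSH_JSON = """[
 {"issuer_ca_id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
  "common_name": "example.com", "name_value": "example.com\\nwww.example.com",
  "id": 1001, "entry_timestamp": "2024-04-10T00:05:00.123",
  "not_before": "2024-04-10T00:00:00", "not_after": "2024-07-09T23:59:59",
  "serial_number": "03aa11"},
 {"issuer_ca_id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
  "common_name": "example.com", "name_value": "example.com\\nwww.example.com",
  "id": 1002, "entry_timestamp": "2024-04-10T00:06:00.456",
  "not_before": "2024-04-10T00:00:00", "not_after": "2024-07-09T23:59:59",
  "serial_number": "03AA11"},
 {"issuer_ca_id": 2, "issuer_name": "C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3",
  "common_name": "sni000000.cloudflaressl.com",
  "name_value": "sni000000.cloudflaressl.com\\n*.example.com\\nother-customer.example",
  "id": 1003, "entry_timestamp": "2024-05-01T12:00:00.000",
  "not_before": "2024-05-01T00:00:00", "not_after": "2025-05-01T23:59:59",
  "serial_number": "7b01"},
 {"issuer_ca_id": 3, "issuer_name": "C=XX, O=Unexpected Test CA, CN=Unexpected Test CA",
  "common_name": "mail.example.com", "name_value": "mail.example.com",
  "id": 1004, "entry_timestamp": "2023-10-01T08:00:00.000",
  "not_before": "2023-10-01T00:00:00", "not_after": "2023-12-31T23:59:59",
  "serial_number": "ff09"}
]"""

# The "current time" used for the sample run, so results are reproducible.
SAMPLE_NOW = datetime(2024, 6, 1)


def fetch_crtsh(domain, timeout=60):
    """Live lookup (needs network): return crt.sh's parsed JSON list for a domain."""
    url = "https://crt.sh/?" + urlencode({"q": domain, "output": "json"})
    with urlopen(url, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def split_names(name_value):
    """crt.sh joins all subject names of a certificate with newlines."""
    return [n.strip().lower() for n in name_value.split("\n") if n.strip()]


def dedupe_by_serial(records):
    """Keep one record per (issuer, serial): precert and leaf are logged separately."""
    seen = {}
    for rec in records:
        key = (rec["issuer_name"], rec["serial_number"].lower())
        seen.setdefault(key, rec)
    return list(seen.values())


def in_scope(name, domain):
    """True if a (possibly wildcard) name is the monitored domain or a subdomain of it."""
    bare = name[2:] if name.startswith("*.") else name
    return bare == domain or bare.endswith("." + domain)


def triage(records, domain, expected_issuers, now):
    """Classify crt.sh records: unexpected issuer, out-of-scope names, expired/active."""
    report = {"unexpected_issuer": [], "foreign_names": {}, "active": [], "expired": []}
    for rec in dedupe_by_serial(records):
        cid = rec["id"]
        issuer = rec["issuer_name"].lower()
        if not any(tag.lower() in issuer for tag in expected_issuers):
            report["unexpected_issuer"].append(cid)
        foreign = [n for n in split_names(rec["name_value"]) if not in_scope(n, domain)]
        if foreign:
            report["foreign_names"][cid] = foreign
        if datetime.fromisoformat(rec["not_after"]) < now:
            report["expired"].append(cid)
        else:
            report["active"].append(cid)
    return report


def run_sample():
    """Triage the constructed sample; the expected-issuer list is an assumption."""
    records = json.loads(SAMPLE_CRTSH_JSON)
    return triage(records, "example.com", ["Let's Encrypt", "Cloudflare"], SAMPLE_NOW)


if __name__ == "__main__":
    # Swap run_sample() for triage(fetch_crtsh("example.com"), ...) for a live check.
    print(json.dumps(run_sample(), indent=2))
```

The dedupe step matters in practice: without it every certificate shows up twice (precertificate plus final certificate) and counts look doubled. The foreign-name check is what turns a "new certificate for your domain" alert into something actionable, since a CDN backup certificate that also carries other customers' names is expected noise, whereas an unknown issuer with only your names on it is the case worth following up.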

Thanks. I was sure I was going to mess something up, that's why I made it a wiki. Go ahead and update whatever else I got wrong.

7 Likes

There's also Entrust Certificate Search - Entrust, Inc. Will add it to the list. -> It was already in the code of the table, but not functional due to not being on its own line. By the way, they don't offer an API "officially", but if you look at the network traffic, their web interface simply connects to their own API, which probably can be used by software too.

Should we also make a column "Remarks" or something? E.g., mention that while crt.sh is a great site, it often has performance issues and lags behind?

Ooeeh, just got a new badge "Wiki Editor" after running around here for almost 8 years already :sunglasses:

6 Likes

I could have sworn that I already had Entrust. It was in my personal list, at least. It doesn't look like it's working to me right now, at least, though; I just get an endless spinning wheel when I try to put in a domain name.

3 Likes

You did, it was just on the same line as DigiCert, so it didn't show up in the table. It does now.

I also often had that spinny thingy due to the fact their API (under the hood, not officially announced) wasn't working. E.g. https://ui.ctsearch.entrust.com/api/v1/certificates?fields=issuerCN,subjectO,issuerDN,issuerO,subjectDN,signAlg,san,publicKeyType,publicKeySize,validFrom,validTo,sn,ev,logEntries.logName,subjectCNReversed&domain=letsencrypt.org&includeExpired=false&exactMatch=true&limit=5000&_=1691781641911. But it's working now! For me at least.

2 Likes

I like Cloudflare because they have e-mail notifications when a certificate is issued for any of your domains.

It's always fun when I renew my big certificates and see this.

3 Likes

IMHO, this feature has tended to create more problems than it tried to avoid. While it is AMAZING in principle, it has been terrible in execution in the past. (I haven't seen one of these emails recently. Hopefully they have been changed.)

On initial release and for a long period of time afterwards (possibly still now), CloudFlare failed to disclose on those "ALERTS!" that Cloudflare itself had procured the certificates for their client. Many people would freak out, believing there to be an exploit, because they did not order the certificate. As part of their uptime strategy and contingency plans, Cloudflare orders multiple certificates for each domain. The backup certificates often include internally coded domains that belong to Cloudflare (but do not look like it), and sometimes include domains belonging to other subscribers.

If you know about this stuff beforehand, or if the emails made it clear, that Cloudflare product would be great.

6 Likes

Agreed. I cannot see voluntarily subjecting myself to such noise. If it had a service similar to DMARC report aggregation, it might be valuable.

4 Likes
