Is there a Cert API Feed of all Registered Certs?


#1

I am looking for a feed of all certs in order to support monitoring users that are registering Certs with the intent to use them to support phishing campaigns.


#2

We publish all Let’s Encrypt issued certificates to the Certificate Transparency ecosystem. Presently we submit to ct.googleapis.com/icarus. You will probably find the crt.sh front end to CT useful.


#3

CPU - This is fantastic. Thanks a ton!


#4

Also check out tools such as this: https://github.com/eriktews/certificate-transparency-tools

Which will allow you to retrieve the certificates programmatically from CT servers.

I usually store each cert (PEM format) on disk (the script is fairly easy to modify) and then run openssl to extract metadata into a database such as Elastic or Splunk (for queries and searching, trends etc).

I have also seen some CT servers which will give you access to their PostgreSQL databases; however, I find downloading the certificates and doing your own parsing is more flexible.

Hope this helps

Andrei


#5

Last two bits:

A) Have a look at the formal documentation for how CT servers should operate (it may give you a better idea of how to modify the scripts - for example what the log formats are). https://tools.ietf.org/html/rfc6962

B) Another example of how to use SQL to query CT databases and retrieve data: Adjustments to the Let's Encrypt Statistics methodology

Andrei
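Added example, not part of any post above and not taken from the linked tools: a parser for the RFC 6962 `leaf_input` value (a base64 `MerkleTreeLeaf`) that a log returns from `get-entries`, producing the PEM that the store-on-disk-then-openssl workflow in post #4 needs. The function names and the sample leaf are constructed for illustration; the placeholder DER bytes are not a real certificate.

```python
import base64
import ssl
import struct

X509_ENTRY, PRECERT_ENTRY = 0, 1  # LogEntryType values, RFC 6962 section 3.1
SAMPLE_DER = b"\x30\x03\x02\x01\x00"  # constructed placeholder, not a real cert


def parse_leaf_input(leaf_b64):
    """Decode one base64 leaf_input (MerkleTreeLeaf) from a get-entries reply."""
    raw = base64.b64decode(leaf_b64)
    if len(raw) < 12:
        raise ValueError("too short for a MerkleTreeLeaf header")
    # version(1) | leaf_type(1) | timestamp in ms(8) | entry_type(2)
    version, leaf_type, ts_ms, entry_type = struct.unpack(">BBQH", raw[:12])
    if version != 0 or leaf_type != 0:
        raise ValueError("not a v1 timestamped_entry leaf")
    if entry_type not in (X509_ENTRY, PRECERT_ENTRY):
        raise ValueError(f"unknown entry_type {entry_type}")
    pos, issuer_key_hash = 12, None
    if entry_type == PRECERT_ENTRY:  # PreCert starts with a 32-byte key hash
        issuer_key_hash, pos = raw[pos:pos + 32], pos + 32
    # The certificate is an opaque<1..2^24-1>: 3-byte big-endian length prefix
    length = int.from_bytes(raw[pos:pos + 3], "big")
    der = raw[pos + 3:pos + 3 + length]
    if len(raw) < pos + 3 or len(der) != length or length == 0:
        raise ValueError("truncated or empty certificate data")
    return {
        "timestamp_ms": ts_ms,
        "entry_type": "x509_entry" if entry_type == X509_ENTRY else "precert_entry",
        "issuer_key_hash": issuer_key_hash,
        "der": der,
        # Only x509_entry holds a complete certificate; a precert leaf holds a
        # bare TBSCertificate, which openssl x509 cannot read as a certificate.
        "pem": ssl.DER_cert_to_PEM_cert(der) if entry_type == X509_ENTRY else None,
    }


def build_sample_leaf(entry_type, ts_ms, der):
    """Build a constructed leaf_input so the parser can be run offline."""
    body = struct.pack(">BBQH", 0, 0, ts_ms, entry_type)
    if entry_type == PRECERT_ENTRY:
        body += b"\x00" * 32  # constructed issuer_key_hash
    body += len(der).to_bytes(3, "big") + der + b"\x00\x00"  # empty extensions
    return base64.b64encode(body).decode()


if __name__ == "__main__":
    entry = parse_leaf_input(build_sample_leaf(X509_ENTRY, 1500000000000, SAMPLE_DER))
    print(entry["entry_type"], entry["timestamp_ms"])
    print(entry["pem"])
```

For precertificate entries the full precertificate and its chain travel in the entry's `extra_data` field rather than in `leaf_input`, so a monitor that wants hostnames from precerts has to decode that field as well.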

