- spot checks and get organized for cert renewals

A cert monitoring tool with a twist - we will send weekly emails showing all your cert renewals due in next 28 days. It is free and remain FREE as a cloud service!

We can already use Spot Checks, launch of dashboards is imminent. Once functional, it will start picking up all new certificates for you domains and subdomains. If you launch a new server, it will appear in your next dashboard.

We try to show as little as possible but not too little - any feedback here is welcome :slight_smile:

What it does - server and CT (certificate transparency checks)

  • direct checks against your server (default is port 443, but you can change it for email server, or custom web applications); and
  • certificate transparency (CT) logs, which contain all legitimate issued certificates that cause your browser show a green or a gray padlock.

If there’s a problem, between those two, you will see it.

The list of Spot checks include:

  • time validity
  • completeness of the certificate chain
  • hostname checks
  • TLS version
  • neighbors - a list of all domain names (i.e., servers) included in the certificate
  • downtime - how many hours / days you didnt have a valid cert in the last 2 years
  • HSTS - we check if your web server prevents downgrade from HTTPS/TLS (HTTP Strict Transport Security flag)

Any thoughts what struggle and a cloud service could help you with - get in touch!


PS: It’s not quite relevant (a different project), but I’m still so excited I have to mention it. We will present at BlackHat US as well as DEFCON in 7 weeks’ time! Come, see our demonstration of multi-party computation and say hallo!

1 Like

Thanks so much for taking your valuable time to review our beta version! We have improved the web server TLS config and it should pass SSLLabs test with A+ now.

I look forward to it :slight_smile:

We had a few questions / comments over the last two days. The most interesting turned out to be caused by our approach to scanning.

We take the address you enter as an address of a server and the spot check (as well as info in dashboards we are working on) tests this server.

This is somewhat different from other SSL scanners - e.g., SSLLabs - which follow redirects.

We decided to stick with our way, although dashboards will automatically add redirect servers to the list of certificates/servers to track.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.