# CT Logs
CERTInext extends discovery beyond internal infrastructure through Certificate Transparency (CT) log monitoring, providing visibility into publicly issued certificates.
CT logs are global, append-only records mandated by browsers for publicly trusted certificates. CERTInext continuously consumes CT log data to identify certificates issued for verified domains.
#### What CT Log Monitoring Detects
* Newly issued public certificates
* Unauthorized or unexpected issuance
* Expired or expiring public certificates
* Certificates issued by unknown or unapproved CAs
* Weak or outdated cryptographic parameters
#### Enabling CT Log Monitoring
Administrators can enable monitoring by selecting verified domains and optionally including subdomains. Once enabled, CERTInext continuously tracks CT activity and updates metrics in near real time.
#### CT Metrics and Results
CT dashboards display:
* Domain and subdomain coverage
* Certificates discovered
* Expired certificates
* Certificates expiring within defined timelines
Each CT-discovered certificate includes details such as CN/SAN, issuer CA, certificate type, key strength, and expiry information. Renewal actions can be initiated directly from the platform.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.certinext.io/documentation/certificate-lifecycle-management/discovering-certificates/ct-logs.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.