CT Logs

CERTInext extends discovery beyond internal infrastructure through Certificate Transparency (CT) log monitoring, providing visibility into publicly issued certificates.

CT logs are global, append-only records mandated by browsers for publicly trusted certificates. CERTInext continuously consumes CT log data to identify certificates issued for verified domains.

What CT Log Monitoring Detects

Newly issued public certificates
Unauthorized or unexpected issuance
Expired or expiring public certificates
Certificates issued by unknown or unapproved CAs
Weak or outdated cryptographic parameters

Enabling CT Log Monitoring

Administrators can enable monitoring by selecting verified domains and optionally including subdomains. Once enabled, CERTInext continuously tracks CT activity and updates metrics in near real time.

CT Metrics and Results

CT dashboards display:

Domain and subdomain coverage
Certificates discovered
Expired certificates
Certificates expiring within defined timelines

Each CT-discovered certificate includes details such as CN/SAN, issuer CA, certificate type, key strength, and expiry information. Renewal actions can be initiated directly from the platform.

PreviousChecking a Bot's Status NextCertificate Inventory

Last updated 1 month ago

hashtagWhat CT Log Monitoring Detects

hashtagEnabling CT Log Monitoring

hashtagCT Metrics and Results

What CT Log Monitoring Detects

Enabling CT Log Monitoring

CT Metrics and Results