I'm super excited about the launch of Cert Spotter API 1.0 today! #CertificateTransparency (1/n) https://twitter.com/SSLMate/status/1058084089880870914
The main question people want #CertificateTransparency to answer is: what certificates exist for a domain? You can use this information to detect misissued certs, expiring certs, and certs that a former sysadmin manually provisioned and didn't tell anyone about. (2/n)
But how do you do this? There are dozens of #CertificateTransparency logs you have to look in, and the list of logs changes all the time. And the logs are just big haystacks of Merkle Tree Leaves, rather than certificates indexed by domain name. (3/n)
This is where Cert Spotter comes in: you can make an HTTP request to the Cert Spotter API with a domain name and it returns a JSON array with certificates for that domain, pulled from CT logs. Super easy! (4/n)
Of course, the response isn't static. It gets bigger as new certificates are issued and added to CT. So you can remember your position in the results and poll for new certificates added since your last query. No need to re-download the whole list to find new certificates! (5/n)
In CT, a particular issuance can show up as both a certificate and a "precertificate" which contain basically identical information. With the Cert Spotter API, you'll only get one entry rather than two. (6/n)
Have a monitoring system that could benefit from easy access to the 100s of millions of certificates in #CertificateTransparency? Just want to play around and see what's there? Head over to https://sslmate.com/certspotter/api (7/7)
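An added example (not from the thread and not SSLMate's code) of the poll-from-last-position pattern in 5/n combined with the checks from 2/n, run over constructed responses. The field names, the use of the last entry's id as the position, and the issuer allow-list are assumptions; the real schema is in the API documentation.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample batches standing in for successive API responses.
# Field names (id, dns_names, issuer, not_after) are assumptions for illustration.
PAGE_1 = json.loads("""[
 {"id": "101", "dns_names": ["www.example.com"],
  "issuer": "Example Trusted CA", "not_after": "2019-02-01T00:00:00Z"},
 {"id": "102", "dns_names": ["vpn.example.com"],
  "issuer": "Unknown CA", "not_after": "2019-10-01T00:00:00Z"}
]""")
PAGE_2 = json.loads("""[
 {"id": "103", "dns_names": ["mail.example.com"],
  "issuer": "Example Trusted CA", "not_after": "2018-11-15T00:00:00Z"}
]""")

# Hypothetical allow-list: the CAs this organisation actually uses.
EXPECTED_ISSUERS = {"Example Trusted CA"}

def review(issuances, now, warn_days=30):
    """Flag certificates from unexpected issuers and certificates near expiry."""
    findings = []
    for iss in issuances:
        names = ",".join(iss["dns_names"])
        if iss["issuer"] not in EXPECTED_ISSUERS:
            findings.append(("unexpected-issuer", iss["id"], names))
        not_after = datetime.strptime(
            iss["not_after"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if not_after - now <= timedelta(days=warn_days):
            findings.append(("expiring", iss["id"], names))
    return findings

def poll(fetch, state, now):
    """Drain every batch after the saved position and advance the position.

    fetch(after) returns the issuances that follow position `after`
    (None means start from the beginning); state["after"] is persisted
    by the caller between runs so nothing is downloaded twice.
    """
    findings = []
    while True:
        batch = fetch(state.get("after"))
        if not batch:
            return findings
        findings += review(batch, now)
        state["after"] = batch[-1]["id"]

def fake_fetch(after):
    # Offline stand-in for the HTTP request, keyed by the position sent.
    return {None: PAGE_1, "102": PAGE_2}.get(after, [])
```

In a real monitor, `fake_fetch` is replaced by the HTTP call and `state` is written to disk after each run.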