If the endpoint is running a public HTTPS server, Cert Spotter checks the expiration date of the live certificate. Otherwise, it looks in CT logs to see if the certificate has been renewed. (Coming soon: monitoring for other installation errors, like missing intermediates.) (3/9)
-
Show this thread
-
Second: say goodbye to alert fatigue! I know you're busy, so I only want to bother you when there's really a problem. If you trust some CAs, you can choose not to be alerted about their certificates. Trusting the 1-3 CAs that you use is WAY better than trusting all 100+. (4/9)pic.twitter.com/hzvYD5xkAo
1 reply 0 retweets 3 likesShow this thread -
Or, if your issuance is automated, there's an API for telling Cert Spotter about your legitimate certificates so you won't be alerted about them. Imagine: plugins for Certbot, Caddy, etc. that automatically authorize all certs that they issue! https://sslmate.com/certspotter/whitelisting_api … (5/9)
1 reply 0 retweets 2 likesShow this thread -
Third: Cert Spotter now tells you who REALLY issued a certificate, and who you need to contact to get it revoked, which will reduce confusion and save you precious time responding to an unwanted certificate. (6/9)pic.twitter.com/SGBRJnpIX0
2 replies 3 retweets 17 likesShow this thread -
It doesn't sound hard to figure out who issued a certificate, but because of all the acquisitions and obscure business arrangements in the WebPKI, you often needed to be a WebPKI expert to figure it out. Now you can just use Cert Spotter. (7/9)
1 reply 0 retweets 6 likesShow this thread -
This minor feature was hard to implement but will have a big impact on making Certificate Transparency more usable by non-experts. Other monitors will tell you that a certificate was issued by a company that isn't a certificate authority, or hasn't existed for a decade. (8/9)
1 reply 0 retweets 9 likesShow this thread -
Do you want monitoring that will prevent downtime, improve your security, while being easy to use? Sign up for Cert Spotter here: https://sslmate.com/signup?for=certspotter … (9/9)
2 replies 0 retweets 7 likesShow this thread -
Replying to @__agwa
that's all really cool work, but I liked it as a free service and won't be able to pay for that fun on private stuff. I think I'm not the only one, did you consider a free tier on a limited-feature version?
1 reply 0 retweets 0 likes -
Replying to @a_z_e_t
I appreciate that, but even providing a limited-feature version has a cost, and as a small company which doesn't show ads or sell user data, the only way to recoup the cost is by charging for the service.
2 replies 0 retweets 2 likes -
Replying to @__agwa
I totally get why a lot of formerly free services now charge for what they're offering. I'm just always wondering if it's not possible to finance a limited free tier with the professional offering. It does usually attract other customers or switch them over entirely at a point.
1 reply 0 retweets 0 likes
Attracting paying customers is the conventional justification for a free tier, but it rarely happened for Cert Spotter over the last 3 years, and a lot of other companies are finding the same thing.
-
-
Replying to @__agwa
hmm ok. sure it works for some services but not at all for others, sometimes it's just related to what feature users perceive as an essential one and only offering it for pay (eg. mail notification). sometimes it's the business model entirely.
1 reply 0 retweets 0 likes -
I'm sad to lose this service though but don't want and don't see a need to pay to have it on private domains.
0 replies 0 retweets 0 likes
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.