If the endpoint is running a public HTTPS server, Cert Spotter checks the expiration date of the live certificate. Otherwise, it looks in CT logs to see if the certificate has been renewed. (Coming soon: monitoring for other installation errors, like missing intermediates.) (3/9)
-
Show this thread
-
Second: say goodbye to alert fatigue! I know you're busy, so I only want to bother you when there's really a problem. If you trust some CAs, you can choose not to be alerted about their certificates. Trusting the 1-3 CAs that you use is WAY better than trusting all 100+. (4/9)pic.twitter.com/hzvYD5xkAo
1 reply 0 retweets 3 likesShow this thread -
Or, if your issuance is automated, there's an API for telling Cert Spotter about your legitimate certificates so you won't be alerted about them. Imagine: plugins for Certbot, Caddy, etc. that automatically authorize all certs that they issue! https://sslmate.com/certspotter/whitelisting_api … (5/9)
1 reply 0 retweets 2 likesShow this thread -
Third: Cert Spotter now tells you who REALLY issued a certificate, and who you need to contact to get it revoked, which will reduce confusion and save you precious time responding to an unwanted certificate. (6/9)pic.twitter.com/SGBRJnpIX0
2 replies 3 retweets 17 likesShow this thread -
It doesn't sound hard to figure out who issued a certificate, but because of all the acquisitions and obscure business arrangements in the WebPKI, you often needed to be a WebPKI expert to figure it out. Now you can just use Cert Spotter. (7/9)
1 reply 0 retweets 6 likesShow this thread -
This minor feature was hard to implement but will have a big impact on making Certificate Transparency more usable by non-experts. Other monitors will tell you that a certificate was issued by a company that isn't a certificate authority, or hasn't existed for a decade. (8/9)
1 reply 0 retweets 9 likesShow this thread -
Do you want monitoring that will prevent downtime, improve your security, while being easy to use? Sign up for Cert Spotter here: https://sslmate.com/signup?for=certspotter … (9/9)
2 replies 0 retweets 7 likesShow this thread -
Replying to @__agwa
that's all really cool work, but I liked it as a free service and won't be able to pay for that fun on private stuff. I think I'm not the only one, did you consider a free tier on a limited-feature version?
1 reply 0 retweets 0 likes -
Replying to @a_z_e_t
I appreciate that, but even providing a limited-feature version has a cost, and as a small company which doesn't show ads or sell user data, the only way to recoup the cost is by charging for the service.
2 replies 0 retweets 2 likes -
FYI: After reading your tweets, I googled “Cert Spotter”, clicked first link, then clicked Pricing – and found the prices for *something else*. I nearly left, because I thought it was too expensive ($15.95/yr/hostname), until I found the other pricing page.
1 reply 0 retweets 0 likes
Thanks, that's very useful feedback! I'll make some changes.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.