Announcing CT Monitoring for Report URI!

I've spoken a lot about Certificate Transparency on my blog recently and how powerful it is for site operators to be able to keep track of certificates issued for their domains. We plan to make that even easier by integrating CT monitoring into Report URI.



Certificate Transparency

The TLDR; of Certificate Transparency (CT) is that every time a CA issues a certificate for a website, an entry must be written onto public CT logs so that a record of the certificate exists. These logs can be searched easily by anyone and my favourite sites for doing so are crt.sh and censys.io. Searching the logs is great, and you often find a lot of information in there, but it's a manual task that you must complete. Our new feature on Report URI allows us to monitor all of the logs on your behalf and send you a notification when we find something that you're interested in.


Automatic Monitoring

Over on Report URI we have a new section on the Filters page that allows you to specify the domain names you'd like us to monitor the CT logs for. We also have the option here to control whether you receive email alerts which are included on any paid account.



Once you have entered the domains names that you want us to monitor for, that's it! We will automatically start monitoring all qualified CT logs and gather certificates to present in your account.



On the Certificate Transparency Reports Page you can see a list of all certificates and pre-certificates that were found matching your Filters. As with other types of report you can also search on several different metrics. You can look for Cert/Pre-Certs or all types of CT entry, search by date, by the hostnames in the cert and by the CA that issued the cert.



Lastly, in the Raw section when you expand it out you can find a link to view full details of the certificate itself or even download a copy of the certificate if you need it.



You can view the details of my certificate here, these links are public and can be shared with anyone. The link to download the cert is restricted to authenticated users only due to the additional resources required for that action so give it a try if you're logged in to Report URI.


CT Monitoring

This feature is now live on the site and all users can go and get started with CT monitoring. The standard plan rules apply in that free accounts can monitor up to 3 domains and paid plans can monitor as many as they need. Also, the email alerts are only available on paid plans as I mentioned above.

Moving forwards we're looking at adding webhook support for the alerts and the ability to detect phishing/impersonation sites using CT logs too!

For those interested in further reading and details around CT, the following links will be helpful.

https://scotthelme.co.uk/certificate-transparency-an-introduction/

https://scotthelme.co.uk/a-new-security-header-expect-ct/

https://scotthelme.co.uk/finding-phishing-sites-with-ct/