1. Home
2. Projects
3. Certificate Transparency Monitor

Introduction

Certificate Transparency is a system for monitoring and auditing publicly-trusted SSL certificates. This website monitors Certificate Transparency log servers to check that they are behaving correctly.

Logs

Show:
Ceased logs Frozen logs Test logs Logs for untrusted roots Logs for redacted certificates Logs for expired certificates

Log	URL	Newest verified STH timestamp (UTC)	Status		Uptime
Akamai	https://ct.akamai.com	2015-07-27 17:28:48		Ceased	N/A
Behind The Sofa	https://ct.filippo.io/behindthesofa	2017-06-20 16:07:00		Bad	99.87%
Certly	https://log.certly.io	2016-04-30 17:59:42		Ceased	N/A
CNNIC	https://ctserver.cnnic.cn	2017-06-24 13:02:41		Good	99.77%
Comodo Dodo	https://dodo.ct.comodo.com	2017-06-24 13:35:01		Good	99.86%
Comodo Mammoth	https://mammoth.ct.comodo.com	2017-06-24 13:36:32		Good	99.92%
Comodo Sabre	https://sabre.ct.comodo.com	2017-06-24 13:35:42		Good	99.97%
DigiCert 1	https://ct1.digicert-ct.com/log	2017-06-24 01:00:19		Good	99.91%
DigiCert 2	https://ct2.digicert-ct.com/log	2017-06-24 01:00:39		Good	99.92%
GDCA	https://ctlog.gdca.com.cn	2017-06-24 13:31:41		Warning	99.43%
GDCA (Legacy)	https://ct.gdca.com.cn	2017-06-24 13:34:46		Warning	99.75%
Google Aviator	https://ct.googleapis.com/aviator	2016-11-30 13:24:18		Frozen	99.95%
Google Daedalus	https://ct.googleapis.com/daedalus	2017-06-24 12:57:05		Good	99.97%
Google Icarus	https://ct.googleapis.com/icarus	2017-06-24 11:42:32		Good	99.95%
Google Pilot	https://ct.googleapis.com/pilot	2017-06-24 13:00:39		Good	99.96%
Google Rocketeer	https://ct.googleapis.com/rocketeer	2017-06-24 13:18:20		Good	99.95%
Google Skydiver	https://ct.googleapis.com/skydiver	2017-06-24 13:09:10		Good	99.97%
Google Submariner	https://ct.googleapis.com/submariner	2017-06-24 12:58:55		Good	99.95%
Google Test Tube	https://ct.googleapis.com/testtube	2017-06-24 13:07:33		Good	99.96%
Izenpe	https://ct.izenpe.com	2016-10-25 07:25:56		Ceased	N/A
Izenpe Argi	https://ct.izenpe.eus	2017-06-05 09:53:01		Ceased	N/A
Izenpe Pilot	https://ct.izenpe.com/pilot	2016-05-14 19:41:49		Ceased	N/A
Let's Encrypt Clicky	https://clicky.ct.letsencrypt.org	2017-06-02 07:58:06		Ceased	N/A
NORDUnet Flimsy	https://flimsy.ct.nordu.net	N/A		Ceased	N/A
NORDUnet Plausible	https://plausible.ct.nordu.net	2017-06-24 13:26:50		Warning	97.05%
PuChuangSiDa	https://www.certificatetransparency.cn/ct	2017-05-12 02:40:17		Ceased	N/A
SHECA	https://ct.sheca.com	2017-06-24 13:26:51		Good	98.52%
SHECA (Legacy)	http://ctlog.sheca.com	2017-03-23 09:47:08		Ceased	N/A
SSLWatcher.com Alpha	https://alpha.ctlogs.org	N/A		Ceased	N/A
StartCom	https://ct.startssl.com	2017-06-24 13:34:35		Good	99.48%
Symantec	https://ct.ws.symantec.com	2017-06-24 13:00:14		Good	99.93%
Symantec Deneb	https://deneb.ws.symantec.com	2017-06-24 13:00:00		Good	99.81%
Symantec Sirius	https://sirius.ws.symantec.com	2017-06-24 13:00:00		Good	99.93%
Symantec Vega	https://vega.ws.symantec.com	2017-06-24 13:00:00		Good	99.93%
Venafi	https://ctlog.api.venafi.com	2017-06-24 13:06:14		Warning	99.89%
Venafi Gen2	https://ctlog-gen2.api.venafi.com	2017-06-24 13:25:21		Warning	99.76%
WoSign	https://ctlog.wosign.com	2017-06-24 13:20:05		Good	99.43%
WoSign 2	https://ctlog2.wosign.com	2017-06-24 13:29:26		Good	99.69%
WoSign 3	https://ctlog3.wosign.com	2017-06-24 13:13:05		Good	99.10%
WoSign (Legacy)	https://ct.wosign.com	2016-04-14 03:22:46		Ceased	N/A

The list of logs is also available in JSON format at /logs.json. The schema is identical to the schema used by the official log_list.json and all_logs_list.json files, with the following exceptions:

• Log operator information is excluded.
• The final_sth, disqualified_at and dns_api_endpoint keys are excluded.
• Keys are null if they are not known.
• URLs are prefixed with https://.
• A log_id field is added, which contains the Base64 hash of the log's key or null if the key is not known.

Monitors

Gossip is exchanged with the following monitors:

Monitor	URL
Cert Spotter	https://certspotter.com
Chromium STHSets	https://clients2.google.com/service/update2/crx
ct.x509.io	https://ct.x509.io

Signed Tree Head gossip

Two API endpoints are provided for exchanging STH gossip:

• /ct/v1/sth-gossip, which implements draft-linus-trans-gossip-ct-01.
• /.well-known/ct/v1/sth-pollination, which implements draft-ietf-trans-gossip-00.

Both return all the STHs observed over the last hour, so there is little point in querying them more than once every 30 minutes. If you use one of these endpoints, I'd appreciate being able to fetch gossip from your monitor in return. In particular, the /ct/v1/sth-gossip endpoint doesn't support exchanging gossip in both directions. Get in touch with me if you want to organise this.

Tor

This website is also available as a Tor hidden service at ctgpe47oofn4ov5v.onion if you want to exchange gossip while remaining anonymous.

Methodology

I've put up a page describing the methodology used by the monitor. If the monitor displays a warning or bad status for a log, you should read the methodology page before reporting it to the log operator (or even better, get in touch, as the web interface doesn't present all of the available data). In particular, the backend is hosted from a residential Internet connection and network outages may cause false positives.