1. Home
  2. Projects
  3. Certificate Transparency Monitor

Certificate Transparency Monitor

Introduction

Certificate Transparency is a system for monitoring and auditing publicly-trusted SSL certificates. This website monitors Certificate Transparency log servers to check that they are behaving correctly.

Logs

Show:

Log URL Newest verified STH timestamp (UTC) Status Uptime
Akamai https://ct.akamai.com 2015-07-27 17:28:48 Ceased N/A
Behind The Sofa https://ct.filippo.io/behindthesofa 2017-09-24 18:34:08 Warning 98.41%
Certly https://log.certly.io 2016-04-30 17:59:42 Ceased N/A
CNNIC https://ctserver.cnnic.cn 2017-09-24 20:03:56 Good 99.71%
Comodo Dodo https://dodo.ct.comodo.com 2017-09-24 20:55:19 Warning 96.52%
Comodo Mammoth https://mammoth.ct.comodo.com 2017-09-24 20:58:07 Good 99.67%
Comodo Sabre https://sabre.ct.comodo.com 2017-09-24 20:58:58 Good 99.53%
DigiCert 1 https://ct1.digicert-ct.com/log 2017-09-24 08:00:11 Good 99.72%
DigiCert 2 https://ct2.digicert-ct.com/log 2017-09-24 08:00:28 Good 99.71%
GDCA 1 https://log.gdca.com.cn 2017-09-24 20:56:01 Good 99.61%
GDCA 2 https://log2.gdca.com.cn 2017-09-24 20:54:02 Good 99.08%
GDCA 2 (Old Key) https://log2.gdca.com.cn 2017-09-07 20:11:06 Ceased N/A
GDCA (Old 1) https://ct.gdca.com.cn 2017-09-24 20:44:46 Warning 98.55%
GDCA (Old 2) https://ctlog.gdca.com.cn 2017-09-24 20:52:52 Warning 98.22%
Google Argon 2017 https://ct.googleapis.com/logs/argon2017 2017-09-24 20:04:40 Good 99.93%
Google Argon 2018 https://ct.googleapis.com/logs/argon2018 2017-09-24 20:04:40 Good 99.95%
Google Argon 2019 https://ct.googleapis.com/logs/argon2019 2017-09-24 20:04:43 Good 99.95%
Google Argon 2020 https://ct.googleapis.com/logs/argon2020 2017-09-24 20:04:39 Good 99.97%
Google Argon 2021 https://ct.googleapis.com/logs/argon2021 2017-09-24 20:05:05 Good 99.96%
Google Aviator https://ct.googleapis.com/aviator 2016-11-30 13:24:18 Frozen 99.80%
Google Daedalus https://ct.googleapis.com/daedalus 2017-09-24 20:10:36 Good 99.81%
Google Icarus https://ct.googleapis.com/icarus 2017-09-24 20:28:29 Good 99.81%
Google Pilot https://ct.googleapis.com/pilot 2017-09-24 19:54:34 Good 99.80%
Google Rocketeer https://ct.googleapis.com/rocketeer 2017-09-24 20:38:14 Good 99.81%
Google Skydiver https://ct.googleapis.com/skydiver 2017-09-24 20:11:45 Good 99.81%
Google Submariner https://ct.googleapis.com/submariner 2017-09-24 20:10:58 Good 99.81%
Google Test Tube https://ct.googleapis.com/testtube 2017-09-24 20:42:15 Good 99.82%
Izenpe https://ct.izenpe.com 2016-10-25 07:25:56 Ceased N/A
Izenpe Argi https://ct.izenpe.eus 2017-06-05 09:53:01 Ceased N/A
Izenpe Pilot https://ct.izenpe.com/pilot 2016-05-14 19:41:49 Ceased N/A
Let's Encrypt Clicky https://clicky.ct.letsencrypt.org 2017-06-02 07:58:06 Ceased N/A
NORDUnet Flimsy https://flimsy.ct.nordu.net N/A Ceased N/A
NORDUnet Plausible https://plausible.ct.nordu.net 2017-09-24 20:57:02 Warning 98.33%
PuChuangSiDa https://www.certificatetransparency.cn/ct 2017-05-12 02:40:17 Ceased N/A
SHECA https://ct.sheca.com 2017-09-24 20:48:19 Good 98.78%
SHECA (Old) http://ctlog.sheca.com 2017-03-23 09:47:08 Ceased N/A
SSLWatcher.com Alpha https://alpha.ctlogs.org N/A Ceased N/A
StartCom https://ct.startssl.com 2017-09-24 20:58:30 Good 99.64%
Symantec https://ct.ws.symantec.com 2017-09-24 19:00:19 Good 99.71%
Symantec Deneb https://deneb.ws.symantec.com 2017-09-24 19:00:00 Good 99.78%
Symantec Sirius https://sirius.ws.symantec.com 2017-09-24 19:00:00 Good 99.71%
Symantec Vega https://vega.ws.symantec.com 2017-09-24 19:00:00 Good 99.79%
Venafi https://ctlog.api.venafi.com 2017-09-24 19:42:04 Warning 99.85%
Venafi Gen2 https://ctlog-gen2.api.venafi.com 2017-09-24 20:54:51 Warning 99.43%
WoSign https://ctlog.wosign.com 2017-09-24 20:53:28 Good 99.55%
WoSign 2 https://ctlog2.wosign.com 2017-09-13 00:59:26 Ceased N/A
WoSign 3 https://ctlog3.wosign.com 2017-09-24 20:49:12 Good 99.54%
WoSign (Old) https://ct.wosign.com 2016-04-14 03:22:46 Ceased N/A
WoTrus https://ctlog.wotrus.com 2017-09-24 20:52:07 Good 100.00%

The list of logs is also available in JSON format at /logs.json. The schema is identical to the schema used by the official log_list.json and all_logs_list.json files, with the following exceptions:

Monitors

Gossip is exchanged with the following monitors:

Monitor URL
Cert Spotter https://certspotter.com
Chromium STHSets https://clients2.google.com/service/update2/crx
Google https://www.gstatic.com/ct/gossip

Signed Tree Head gossip

Two API endpoints are provided for exchanging STH gossip:

Both return all the STHs observed over the last hour, so there is little point in querying them more than once every 30 minutes. If you use one of these endpoints, I'd appreciate being able to fetch gossip from your monitor in return. In particular, the /ct/v1/sth-gossip endpoint doesn't support exchanging gossip in both directions. Get in touch with me if you want to organise this.

Signed Certificate Timestamp gossip

An experimental API endpoint is provided for submitting SCT gossip:

The monitor checks that the corresponding entries are included in the log after the log's Maximum Merge Delay has elapsed. Although the results of this check are stored in the database, they are not currently displayed in the web interface.

Tor

This website is also available as a Tor hidden service at ctgpe47oofn4ov5v.onion if you want to exchange gossip while remaining anonymous.

Methodology

I've put up a page describing the methodology used by the monitor. If the monitor displays a warning or bad status for a log, you should read the methodology page before reporting it to the log operator (or even better, get in touch, as the web interface doesn't present all of the available data). In particular, the backend is hosted from a residential Internet connection and network outages may cause false positives.