Certificate Transparency is a system for monitoring and auditing publicly-trusted SSL certificates. This website monitors Certificate Transparency log servers to check that they are behaving correctly.
The list of logs is also available in JSON format at /logs.json. The schema is identical to the schema used by the official log_list.json and all_logs_list.json files, with the following exceptions:

- The final_sth, disqualified_at and dns_api_endpoint keys are excluded.
- null if they are not known.
- https://.
- A log_id field is added, which contains the Base64 hash of the log's key or null if the key is not known.

Gossip is exchanged with the following monitors:

Monitor | URL |
---|---|
Cert Spotter | https://certspotter.com |
Chromium STHSets | https://clients2.google.com/service/update2/crx |
https://www.gstatic.com/ct/gossip |
Two API endpoints are provided for exchanging STH gossip:
Both return all the STHs observed over the last hour, so there is little point in querying them more than once every 30 minutes. If you use one of these endpoints, I'd appreciate being able to fetch gossip from your monitor in return. In particular, the /ct/v1/sth-gossip endpoint doesn't support exchanging gossip in both directions. Get in touch with me if you want to organise this.
An experimental API endpoint is provided for submitting SCT gossip:
The monitor checks that the corresponding entries are included in the log after the log's Maximum Merge Delay has elapsed. Although the results of this check are stored in the database, they are not currently displayed in the web interface.
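One way to perform such a check is with a Merkle audit path as defined in RFC 6962. The following is an added example, not the monitor's own code; the function names, the use of the STH timestamp as the clock for the Maximum Merge Delay deadline, and the sample leaves are assumptions made for illustration.

```python
import hashlib

def leaf_hash(leaf: bytes) -> bytes:
    # RFC 6962 section 2.1: leaf inputs are hashed with a 0x00 prefix
    return hashlib.sha256(b"\x00" + leaf).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # Interior nodes use a 0x01 prefix, so a leaf cannot be passed off as a node
    return hashlib.sha256(b"\x01" + left + right).digest()

def verify_inclusion(leaf, index, tree_size, path, root):
    """Recompute the root from an audit path and compare it with the STH root."""
    if index >= tree_size:
        return False
    fn, sn, r = index, tree_size - 1, leaf_hash(leaf)
    for p in path:
        if sn == 0:
            return False                      # path is longer than the tree is deep
        if fn & 1 or fn == sn:
            r = node_hash(p, r)               # sibling is on the left
            while not fn & 1 and fn:
                fn, sn = fn >> 1, sn >> 1     # skip levels with no sibling
        else:
            r = node_hash(r, p)               # sibling is on the right
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

def check_sct(sct_ms, mmd_s, sth_ms, proof):
    """proof is None or (leaf, index, tree_size, path, root) for an STH issued at sth_ms."""
    if proof is not None and verify_inclusion(*proof):
        return "included"
    if sth_ms < sct_ms + mmd_s * 1000:
        return "pending"    # this STH predates the deadline, absence proves nothing
    return "missing"        # an STH issued after the MMD must cover the entry

# Constructed sample data: a small tree built locally to obtain a root and audit paths.
def mth(leaves):
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = 1 << ((len(leaves) - 1).bit_length() - 1)   # largest power of two < n
    return node_hash(mth(leaves[:k]), mth(leaves[k:]))

def audit_path(m, leaves):
    if len(leaves) == 1:
        return []
    k = 1 << ((len(leaves) - 1).bit_length() - 1)
    if m < k:
        return audit_path(m, leaves[:k]) + [mth(leaves[k:])]
    return audit_path(m - k, leaves[k:]) + [mth(leaves[:k])]

LEAVES = [b"constructed-entry-%d" % i for i in range(7)]
```

In a real check the leaf bytes are the MerkleTreeLeaf structure rebuilt from the SCT and certificate, and the path and root come from the log's get-proof-by-hash and get-sth responses.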
This website is also available as a Tor hidden service at ctgpe2yc6ez56dhwd5hpj2tdkiuz4m5iy7347cpzmxyacphl72dmfyqd.onion (supported by Tor versions >= 0.3.2) or ctgpe47oofn4ov5v.onion if you want to exchange gossip while remaining anonymous.
I've put up a page describing the methodology used by the monitor. If the monitor displays a warning or bad status for a log, you should read the methodology page before reporting it to the log operator (or even better, get in touch, as the web interface doesn't present all of the available data). In particular, the backend is hosted from a residential Internet connection and network outages may cause false positives.