We check for more than just certificate expiration dates.
We know, technically they're called X.509 Public Key Certificates, but we all call them SSL certificates.
We'll monitor your site's certificate expiration dates and send you a notification when they're about to expire.
But we don't just monitor your domain certificate: we verify all your intermediate certificates, too. And if a certificate changes, you'll be presented with a clean before & after report, so you'll see if any of the covered domains have changed too.
CT, CRL, ... do any of those ring a bell? If not, trust us to monitor it for you.
We check your root certificates to see if they've been revoked, either through Certificate Revocation Lists (CRL) or the Online Certificate Status Protocol (OCSP).
If you're using old security algoritms, some browsers will block your site. We detect those old ciphers and will report them to you.
A chain is only as strong as its weakest link. SSL certificates are the prime example.
We don't just monitor your domain certificate but will check every intermediate certificate too, up to the root certificate, to verify the chain of trust.
We look for SHA-1 certificates, revoked or distrusted root certificates, ... each of these can cause your site to be unavailable. And none of those changes are in your control, these decisions get made by the Certificate Authorities (CAs) or the browsers themselves, coordinated via the CAB Forum.
All issued SSL certificates need to be published to known Certificate Logs. As a result, every certificate issued becomes public knowledge.
We monitor those Certificate Transparency Logs and will alert you whenever a new certificate is issued for one of your domains. You can decide if it was on purpose by you or from a malicious actor and act accordingly.