The world of SSL/TLS has become very complex. We can take away that complexity for you and present you with an easy-to-use monitoring solution for your SSL certificates.
SSL Certificate Expiration Monitoring
We know, technically they're called X.509 Public Key Certificates, but we all call them SSL certificates.
We'll monitor your website's certificate expiration dates and send you a notification when they're about to expire.
But we don't just monitor your domain certificate: we verify all your intermediate certificates, too. And if a certificate changes, you'll be presented with a clean before & after report, so you'll see if any of the covered domains have changed too.
We mentioned SSL certificates have become complex, right?
CT, CRL, SHA-1, ... do any of those ring a bell? If not, trust us to monitor it for you.
We check your root certificates to see if they've been revoked, either through Certificate Revocation Lists (CRL) or the Online Certificate Status Protocol (OCSP).
If you're using old security algoritms, some browsers will block access to your site. We detect those old ciphers and will report them to you.
Certificate chain validation
A chain is only as strong as its weakest link. SSL certificates are the prime example.
We don't just monitor your domain certificate but will check every intermediate certificate too, up to the root certificate, to verify the chain of trust.
We look for SHA-1 certificates, revoked or distrusted root certificates, ... each of these can cause your site to be unavailable. And none of those changes are in your control, these decisions get made by the Certificate Authorities (CAs) or the browsers themselves, coordinated via the CAB Forum.
Certificate Change Detection
When a certificate is changed, we'll let you know straight away. We'll show a clear before/after comparison of the certificates we found, so you can verify that this change is both intentional and correct..
A changed certificate could be a renewal, but might also be a move to a new server (with a DNS change) or a domain hijack. We'll make sure you see each change!
Certificate Transparency Monitoring & Alerting
All issued SSL certificates need to be published to known Certificate Logs. As a result, every certificate issued becomes public knowledge.
We monitor those Certificate Transparency Logs and will alert you whenever a new certificate is issued for one of your domains. You can decide if it was on purpose by you or from a malicious actor and act accordingly.