📜 Certificate Transparency Search

Search Certificate Transparency logs to discover all SSL/TLS certificates issued for a domain.

What is Certificate Transparency?

Certificate Transparency (CT) is a framework for monitoring and auditing SSL/TLS certificates. It requires Certificate Authorities to log every certificate they issue, making it possible to detect mis-issued or unauthorized certificates.

Use Cases

  • Subdomain Discovery: Find all subdomains that have had certificates issued Find all subdomains that have been issued SSL certificates.
  • Security Monitoring: Detect unauthorized certificate issuance Detect unauthorized certificates issued for your domain.
  • Reconnaissance: Security professionals use CT logs to map an organization's infrastructure Security professionals use CT logs during penetration testing.
  • Compliance: Verify that your organization's certificates are properly managed Verify that your organization's certificates are properly logged.

Frequently Asked Questions

How does CT help security?

CT logs make it possible to detect fraudulently issued certificates. If a CA issues a certificate for your domain without authorization, you can find it in CT logs.

Are all certificates logged?

Major browsers require CT logging for all publicly trusted certificates. Internal or private CA certificates may not be logged.

Searches public Certificate Transparency logs to find all SSL/TLS certificates ever issued for a domain, detecting unauthorized certificates.

Key Facts

  • All major CAs must log certificates since 2018
  • Over 8 billion certificates in CT logs
  • Chrome rejects certificates not in CT
  • CT detected multiple CA misissuance incidents

Frequently Asked Questions

What is Certificate Transparency?

Open framework logging all SSL certificates. CAs must log issued certs, enabling detection of unauthorized issuance.

Why check CT logs?

Reveals all certs for your domain including unknown subdomains, unauthorized certs, and phishing attempts.

Can CT reveal subdomains?

Yes. CT logs are public and include all domains on certificates. Use wildcards to avoid exposing subdomains.

Related Security Tools

🔒 SSL Certificate Checker 📌 SSL Pinning Generator 🔎 WHOIS Lookup 🛡️ DNSSEC Validator