Blog |Follow Nick on Twitter| About
 

Certificate Transparency (CT), is an open, public, Certificate Authority monitoring system. More info available over at certificate-transparency.org.

iOS CT Notification

The CT web site sights a couple of examples where CAs have failed, either through compromise or mistake, but recently Facebook caught fake certificates where there was no fault of the CA, which lead me to think... How can I take advantage of this? How would I know if someone issued a certificate for linickx.com?

Google have open-sourced a whole bunch of CT stuff, but it looks over kill for my needs. I found a CT Monitor on github but it's just a database that not only needs hundreds of GB of storage, but a front end to make it useful. ct_advisor, also on github, looks a more complete but still way to much investment for my liking... however the author is providing a hosted version which is a possibility if you like email alerts.

To take advantage of CT, I have opted for Crt.sh mixed with IFTTT.

The Comodo Crt.sh service supports an query-able RSS feed, for example https://crt.sh/atom?q=linickx.%25.

IFTTT supports a Feed Channel that can consume the feed from Crt.sh and then do something. In my case, I opted for a mobile notification... I've published the recipe for others to use:

Just change the feed URL (or change the action) and you're set!

rgds,

Nick

 
Nick Bettison ©