CT Advisor - Certificate Transparency Monitoring
ct_advisor is a proactive alerting tool for Google's Certificate Transparency
Google offers a number of great options for an administrator to utilise this feature. Unfortunately being an early adopter, particularly if you run Windows servers or run SSL on appliances, makes it difficult to take advantage of this service.
As an alternative option, this service continually polls the CT log, and will proactively trigger alerts and send you an email if a certificate is ever registered for your domain, by any CA in the CT program. This can be used to identify fraudulent certificates.
Using CT Advisor
Once you've registered a domain, there's nothing more to do. You will receive an email any time an SSL certificate for your domain, or any subdomains, are submitted to the CT log.
This image shows ct_advisor in action:
To register a domain for monitoring on this service, click here to register your domain
Users are encouraged to review source code.
Front end code - Rails
Where all the action happens - Erlang
Every useless organisation and its dog currently claims to "take security very seriously". The only serious statements a person can make are:
- The only information gathered is what you provide when signing up - email address and associated domain.
- All source code is available for review
- Frontend code is analysed with brakeman and bundler-audit regularly
If you believe you have identified a security concern, please report privately by direct email: technion at lolware.net.