Certificate Transparency is a framework that allows you to identify improperly issued TLS certificates and potential phishing domains.
Transport Layer Security (TLS) allows you to securely exchange data between clients and servers. Web browsers use TLS certificates to perform encryption and also to identify trusted and untrusted web sites. If a web browser encounters an untrusted certificate, it warns the user that the site is untrusted and advises them to proceed with caution.
In order to prevent visitors to your site from seeing an untrusted web site warning when using TLS, you must request a publicly-trusted certificate from a Certificate Authority (CA). There are hundreds of CAs, and they all perform various actions to verify your digital identity before issuing you a publicly-trusted certificate.
Problems can arise, however, if a CA is compromised or mis-issues a publicly-trusted certificate. When this happens it may take weeks before the CA can identify and revoke any improperly issued certificates.
To address this problem, the Certificate Transparency (CT) open framework has been introduced. The CT framework allows anyone to log, audit, and monitor publicly-trusted TLS certificates newly issued by any CA.
To help you take advantage of this framework, we have built a free monitoring tool to help you discover any certificates that have been newly issued for specific domains.
Our Certificate Transparency Monitoring Tool works by continuously fetching and storing data from a set of known public Certificate Authority CT logs. You can use our Certificate Transparency API to search the data store for newly issued certificates, or to subscribe domains for certificate alerts and phishing alerts.
By subscribing a domain to certificate alerts, we can notify you whenever a new certificate has been issued for that domain.
We will then begin sending you webhook notifications whenever new certificates are issued for any of the subscribed domains.
If you discover that a CA has issued a new certificate that you didn't request, for a domain that you own, you can contact the CA to make sure your digital identity has not been compromised and to determine if the certificate should be revoked.
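One way to decide whether a newly issued certificate is one you requested, added here as an example and not part of the monitoring tool or its API. The record fields (`names`, `issuer`, `serial`), the issuance inventory and all sample values are constructed assumptions.

```python
# Added example: record fields and all sample values are constructed.

def norm_serial(serial):
    """Normalize a hex serial so '00:3A:9F' and '3a9f' compare equal."""
    return serial.replace(":", "").lower().lstrip("0") or "0"

def under_domain(name, domain):
    """True if a certificate name (possibly a wildcard) belongs to domain."""
    name = name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    # Match on a label boundary: 'notexample.com' is not under 'example.com'.
    return name == domain or name.endswith("." + domain)

def triage(cert, monitored, requested):
    """Return (status, affected_domains) for one newly logged certificate."""
    hits = sorted({d for d in monitored
                   for n in cert["names"] if under_domain(n, d)})
    if not hits:
        return ("unrelated", [])
    key = (cert["issuer"], norm_serial(cert["serial"]))
    return ("expected" if key in requested else "unrequested", hits)

# Constructed inventory: domains you own and certificates you asked for.
MONITORED = ["example.com"]
REQUESTED = {("Example CA R1", norm_serial("3A9F"))}

# Constructed records standing in for newly issued certificates.
SAMPLE = [
    {"names": ["www.example.com"], "issuer": "Example CA R1", "serial": "00:3A:9F"},
    {"names": ["*.example.com", "example.com"], "issuer": "Other CA X", "serial": "7b01"},
    {"names": ["notexample.com", "example.com.login.test"], "issuer": "Other CA X", "serial": "7b02"},
]

if __name__ == "__main__":
    for cert in SAMPLE:
        status, domains = triage(cert, MONITORED, REQUESTED)
        print(status, domains, cert["issuer"], cert["serial"])
```

An `unrequested` result is the case to raise with the issuing CA.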
Bad actors can drive unsuspecting visitors to phishing websites through various domain-related tactics, including obtaining TLS certificates for domain names that:
By subscribing a legitimate domain to phishing alerts, we can notify you whenever a new certificate is issued for a domain that may be phishing the legitimate domain.
If you receive a notification and determine that a suspicious domain may be phishing your legitimate domain, you can take several steps:
We will then begin sending you webhook notifications whenever new certificates are issued for domains that match our phishing criteria and thus may be phishing any of the subscribed domains.
If you don't want to use the webhook API, you can instead use our web interface to search for certificates and set up email, push, and Facebook on-site notifications.