by adrukh 1598 days ago
> Is expiration monitoring done solely through certificate transparency logs or also by connecting to the host?

For every detected host, the app periodically performs an SSL handshake (HTTPS only), and checks for the expiration of the served cert. CT is used to detect new certs, and extract relevant hosts from these certs.

> Can the service monitor hosts that aren't accessible publicly?

Nope, this runs as a Heroku app right now, and will work with publicly accessible HTTPS-serving hosts only.

> Does this service support certificate checking for certificates that aren't on certificate transparency logs?

Yes, CT is used to detect new hosts automatically. The app also relies on the SANs of the certs it finds, spreading as wide as possible within the domain of interest. The actual checking of certs is a simple HTTPS handshake and inspection of the served cert.
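The monitoring loop the comment describes (TLS handshake against a public host, expiry check on the served cert, SAN names inside the domain of interest harvested as further hosts to check), written here as an added example; it is not code from the original post or from the app discussed, and host names and dates in the test are constructed.

```python
import socket
import ssl
import time


def fetch_peer_cert(host, port=443, timeout=5.0):
    """TLS handshake against a publicly reachable HTTPS host; returns the served
    leaf certificate in the dict form ssl.SSLSocket.getpeercert() produces."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def inspect_cert(cert, now=None):
    """Expiry check on a getpeercert()-style dict: days left (negative once
    expired) plus the DNS names listed in the SAN extension."""
    if now is None:
        now = time.time()
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = (not_after - now) / 86400
    dns_sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return {"not_after": not_after, "days_left": days_left,
            "expired": days_left < 0, "dns_sans": dns_sans}


def hosts_to_check(dns_sans, domain):
    """Keep SAN names inside the domain of interest as new hosts to monitor.
    Wildcard entries cannot be connected to, so they are dropped."""
    domain = domain.lower().rstrip(".")
    out = []
    for name in dns_sans:
        n = name.lower().rstrip(".")
        if n.startswith("*"):
            continue
        if (n == domain or n.endswith("." + domain)) and n not in out:
            out.append(n)
    return out


def check_host(host, domain, warn_days=14):
    """One monitoring pass. With a verifying context an already-expired cert
    fails the handshake instead of returning a dict, so that is reported too."""
    try:
        report = inspect_cert(fetch_peer_cert(host))
    except (ssl.SSLError, OSError) as exc:
        return {"host": host, "error": str(exc)}
    report["host"] = host
    report["warn"] = report["days_left"] < warn_days
    report["new_hosts"] = [h for h in hosts_to_check(report["dns_sans"], domain) if h != host]
    return report


if __name__ == "__main__":
    # Placeholder host; needs network access, substitute a host you operate.
    print(check_host("example.com", "example.com"))
```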