[weddpros]

You're absolutely right, at the enterprise level, managing an SSL fleet goes far beyond just issuance, and you can't assume the certificates you're issuing are the only ones that exist.

Shameless plug: if you need to cut through the noise of thousands of certs across thousands of hosts, there's https://sslboard.com

[indigodaddy]

Shame this isn't open source or some open source equivalent

[weddpros]

To be honest, it's rather difficult and costly to run, with a 1.5B rows database of indexed unexpired certificates and a scanning job that took weeks from dozens of IPs.

[indigodaddy]

Oh so this is only cloud hosted service, no on-prem option?

[weddpros]

The CT Log scanning infrastructure is cloud based (rather bare metal actually), the application db, service, and Host scanning can be on-prem. An exceptional enterprise customer could convince me to offer a 100% on-prem solution

[fab_space]

Helo and thank you to point out this tool I ignored before.

There is an opportunity to improve the tool then I added this feature as wanted feature in the plan as certmate dev :)