p.enthalabs

Certificate Transparency search with grouped results | CertObserver

Source: https://certobserver.com/ct-search

Search criteria

Search term

Search scope Group by Sort by

Results will appear here after a search.

Search scope options

DNS SAN (exact) Matches only an identical DNS SAN value, including literal wildcards.

Search`*.example.com`

Matches`*.example.com`

Does not match`www.example.com``*.example.com.au`

DNS host coverage Matches certificates that directly cover the host, including a wildcard for the parent domain.

Search`www.example.com`

Matches`www.example.com``*.example.com`

Does not match`sub.www.example.com``badwww.example.com``www.example.com.au`

DNS host and subdomains Matches direct host coverage plus certificates issued for names below the host.

Search`www.example.com`

Matches`www.example.com``*.example.com``sub.www.example.com``deeper.sub.www.example.com`

Does not match`badwww.example.com``www.example.com.au`

Certificate Transparency is a public logging system for publicly trusted TLS certificates. It makes certificate issuance visible, so domain owners, security researchers, and others can monitor which certificates have been issued by publicly trusted certificate authorities.

Related: we used Certificate Transparency data to analyze when TLS certificates are renewed and how often renewal happens after expiration.

When do new certificates appear?

Publicly trusted TLS server certificates are normally available in search within 10 minutes of being issued.

Are both pre-certificates and final certificates shown?

Certificate Transparency logs may contain a pre-certificate, the final certificate, or both for the same issued certificate. Search results show one result per real certificate. When both a pre-certificate and its corresponding final certificate are found, they are deduplicated into a single result.

Deduplication uses the combination of `TBS-no-CT SHA-256` and `Issuer SPKI SHA-256`. `TBS-no-CT SHA-256` identifies the certificate’s to-be-signed data after Certificate Transparency-specific fields have been removed, allowing the pre-certificate and final certificate to match for deduplication.

What is CertObserver?

CertObserver is a certificate monitoring platform that helps teams track TLS certificates, Certificate Transparency activity, and renewal risk across the domains they operate.