New CT Log Monitoring Tool: sslboard.com

220 views
Skip to first unread message

Chris Hartwig

unread,
Mar 31, 2025, 11:06:52 PMMar 31
to certificate-transparency

Hello CT Community,


I'm happy to finally share SSLBoard.com, a project I've been passionately working on since the pandemic! 

SSLBoard is designed to make SSL certificate inventory and auditing effortless, replacing the need for "that SSL spreadsheet" many of us have relied on.


Feel free to give it a try, there’s a free 14-day trial available. Don’t hesitate to reach out if you need assistance or have questions.


SSLBoard is using Certificate Transparency and the incredible work this community has contributed, to provide an exhaustive yet easy to use solution.

  • it scrapes Certificate Transparency logs (from the Chrome list) with plans to support static-ct-api in the coming months
  • it indexes the certificates to provide an inventory of your domain's SSL certificates 
  • it discovers which SSL Certificates are actually used by each endpoint (IP:port)
  • it presents this Certificate-HostName-IP:port data in the most practical way possible (search, drill down, exports...)
  • it keeps the information up to date by tracking new certificates issuance in near real-time
  • it gets refreshed certificate usage data every day, and on demand
  • Handles thousands of certificates efficiently when needed.


Certificate Transparency has been instrumental in automating inventory management, so thank you all for creating the amazing CT ecosystem. 


Current Status and Road map:

  • SSLBoard is live and scraping logs with the "sslboard.com/1.0" user-agent, with careful handling of 429 responses
  • SSLBoard is focusing on Inventory and Auditing. It allows fixing many kinds of issues, like a certificate that was renewed but not installed, etc...
  • SSL qualitative data will follow, with protocol/cipher information
  • Monitoring issuance and alerting as well
  • and some pretty innovative ideas I’m excited to bring to life!


I’d love to hear your feedback, thoughts, or suggestions as I continue refining SSLBoard.com. Your insights will be invaluable in shaping its future development.


Thank you for your time and attention. I truly appreciate the opportunity to connect with this community!


Best regards,
Chris Hartwig 

Vincent Van doordrecht

unread,
Apr 1, 2025, 4:01:39 AMApr 1
to certificate-transparency
Hi Chris,

Always nice to see new projects built on CT!

I see you're using the term "scraping" on your website. This is usually used to refer to the practice of extracting structured data from webpages, not using APIs. I feel like a more accurate term would be scanning. 

Does  SSLBoard (plan to) announce the STHs it sees (sometimes referred to as gossiping)?

Sincerey,
Vincent van Doordrecht

Chris Hartwig

unread,
Apr 1, 2025, 4:53:50 AMApr 1
to certificate-transparency
Hi Vincent,
Thank you for spotting this! I'm definitely switching to "scanning".

As for STHs, I didn't have plans to announce/gossip them. 
I'm not familiar with that part of CT: if you have good links (I already quickly scanned the ietf draft), or if you think sslboard in particular should announce STHs, I'm all for learning more about it! It seems pretty easy to POST the STHs to a (or multiple) STH pools to .well-known/ct/v1/sth-pollination if I'm correct... I just can't find any such pool. 
Is gossiping considered experimental? There's not much on it out there...

I look forward to learning more about it.
Best,
Chris
Reply all
Reply to author
Forward
0 new messages