In my previous article I wrote about using Faust to process certificate transparency data. To test accuracy and responsiveness I started storing all certificates in Elasticsearch. Since this data is already available on my VPS I decided to run a public page that allows you to query terms and find related/matching certificates.

You can access the page @ https://transparency.d3vzer0.com.  You can use the full extend of the elastic syntax; this means using wildcards/regex is allowed. Note that only 100 results will be returned per query. Enjoy, and try not to break my server :)

The VPS has limited resources so I'm not able to provide a view of all certificate metrics. Based on a rough calculation storing all certificate metrics takes up to 300GB of storage each month. To limit the costs I only store the following fields:

  • Certificate / entry DN (often the domain of the requester)
  • Issuer / provider DN (often company/team that issued the certificate)
  • Certificate not_before (from what date the certificate is valid)
  • Certificate not_after (until what date the certificate is valid/expiry)
  • Certificate fingerprint (unique fingerprint of the certificate)

This means I removed the chain from my metrics and values such as versions etc. The page does require a captcha and prevents automated use. At least, I hope I implemented this correctly. Automated and frequent lookups are also possible from a whitelist of IP ranges. However, global access is currently disabled since I'm still uncertain what performance impact this will have on my cheap'o VPS. You can always drop me a message if you would like to try this out.

PS. Small privacy notice

Your search queries are sent over an encrypted (TLS) POST and the content of your search query is not logged. Only default GET requests, ie. pages visited are stored as the default NGinx logs.

~ Read next post in Certificate Transparency ~

StreamIO domain/cert monitoring

Posted by Joey Dreijer

3 min read