What are Certificate Transparency Logs?

Certificate Transparency (CT) logs are publicly accessible, append-only databases that record every TLS/SSL certificate issued by participating certificate authorities. Introduced by Google in 2013 and mandated for all publicly trusted certificates since 2018, CT logs enable domain owners and security researchers to monitor certificate issuance for their domains.

Security applications

  • Detecting rogue certificates - if a CA issues a certificate for your domain without your authorisation, CT logs provide evidence
  • Subdomain discovery - CT logs record the domain names on every certificate, revealing subdomains that DNS enumeration may miss
  • Historical analysis - CT logs are append-only, providing a historical record of all certificates ever issued for a domain

Querying CT logs

The most common interface is crt.sh (https://crt.sh), a free web service that searches CT logs by domain name. Certstream provides a real-time feed of newly logged certificates for continuous monitoring.
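The following script is an added example, not SurfaceLoop's code or crt.sh's own client: it shows the two security applications listed above (subdomain discovery and rogue-certificate detection) worked over crt.sh's JSON output. It assumes crt.sh's `output=json` field names (`id`, `issuer_ca_id`, `issuer_name`, `common_name`, `name_value`, where `name_value` holds the certificate's names one per line); the sample records, CA ids and issuer names embedded in it are constructed so that the parsing and detection logic runs offline, and `fetch_crtsh` is only called when you pass a domain on the command line.

```python
"""Subdomain discovery and unexpected-issuer detection over crt.sh JSON output."""
import json
import sys
import urllib.parse
import urllib.request

# Constructed sample in the shape of crt.sh's output=json response.
# The CA ids, issuer names and timestamps are made up for this example.
SAMPLE_CRTSH_JSON = json.dumps([
    {"id": 1001, "issuer_ca_id": 1, "issuer_name": "C=US, O=Example Trusted CA, CN=Example Issuing CA 1",
     "common_name": "www.example.com", "name_value": "example.com\nwww.example.com",
     "not_before": "2024-01-10T00:00:00", "not_after": "2024-04-09T23:59:59"},
    {"id": 1002, "issuer_ca_id": 1, "issuer_name": "C=US, O=Example Trusted CA, CN=Example Issuing CA 1",
     "common_name": "*.staging.example.com", "name_value": "*.staging.example.com\nstaging.example.com",
     "not_before": "2024-02-01T00:00:00", "not_after": "2024-05-01T23:59:59"},
    {"id": 1003, "issuer_ca_id": 2, "issuer_name": "C=XX, O=Unfamiliar CA Ltd, CN=Unfamiliar Issuing CA",
     "common_name": "vpn.example.com", "name_value": "vpn.example.com\nmail.example.com",
     "not_before": "2024-03-05T00:00:00", "not_after": "2025-03-05T23:59:59"},
    # A different registrable domain that merely ends in "example.com"; must not match.
    {"id": 1004, "issuer_ca_id": 1, "issuer_name": "C=US, O=Example Trusted CA, CN=Example Issuing CA 1",
     "common_name": "notexample.com", "name_value": "notexample.com",
     "not_before": "2024-03-06T00:00:00", "not_after": "2024-06-04T23:59:59"},
])


def crtsh_url(domain: str) -> str:
    """Build the crt.sh query URL. The leading '%' is crt.sh's SQL-style wildcard,
    so '%.example.com' matches example.com and every name under it."""
    return "https://crt.sh/?q=" + urllib.parse.quote("%." + domain) + "&output=json"


def fetch_crtsh(domain: str, timeout: float = 30.0) -> list:
    """Query crt.sh over HTTPS and return the decoded JSON records (network call)."""
    with urllib.request.urlopen(crtsh_url(domain), timeout=timeout) as resp:
        return json.load(resp)


def load_records(json_text: str) -> list:
    """Decode a crt.sh JSON document (used here for the constructed sample)."""
    return json.loads(json_text)


def hostnames_for_domain(records: list, domain: str) -> set:
    """Collect every hostname under `domain` named on any certificate.

    Wildcard names are reduced to the base they cover, names are lower-cased,
    and only exact matches or true subdomains (".domain" suffix) are kept,
    so "notexample.com" is not mistaken for part of "example.com".
    """
    domain = domain.lower()
    names = set()
    for rec in records:
        for name in rec.get("name_value", "").split("\n"):
            name = name.strip().lower()
            if name.startswith("*."):
                name = name[2:]
            if name == domain or name.endswith("." + domain):
                names.add(name)
    return names


def unexpected_issuers(records: list, domain: str, allowed_issuer_ca_ids: set) -> list:
    """Flag certificates for `domain` whose issuer is not in the allow-list.

    This is the "detecting rogue certificates" use of CT logs: a domain owner
    knows which CAs they actually use, so any other issuer is worth investigating.
    """
    findings = []
    for rec in records:
        if rec.get("issuer_ca_id") in allowed_issuer_ca_ids:
            continue
        names = hostnames_for_domain([rec], domain)
        if names:
            findings.append({"id": rec["id"], "issuer_name": rec["issuer_name"], "names": sorted(names)})
    return findings


if __name__ == "__main__":
    # With a domain argument the script queries crt.sh; without one it runs on the sample.
    records = fetch_crtsh(sys.argv[1]) if len(sys.argv) > 1 else load_records(SAMPLE_CRTSH_JSON)
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    print("hostnames:", sorted(hostnames_for_domain(records, target)))
    # Allowed CA id 1 is the constructed "Example Trusted CA"; replace with your real issuers.
    for finding in unexpected_issuers(records, target, allowed_issuer_ca_ids={1}):
        print("UNEXPECTED ISSUER:", finding)
```

Run it as `python ct_check.py` to exercise the constructed sample offline, or `python ct_check.py yourdomain.example` to query crt.sh. For continuous monitoring you would feed the same two functions from a Certstream subscription instead of a one-off crt.sh query, keeping a persistent allow-list of issuer CA ids and alerting on each new record that `unexpected_issuers` flags.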

SurfaceLoop uses CT log data as one input in its subdomain discovery process, cross-referencing with DNS enumeration and other techniques to build a complete picture of your external attack surface.