Stop Outages and Security Incidents Before They Happen
Cert Spotter monitors your domains for expiring, unauthorized, and invalid SSL certificates, so you can act before an incident, not after.
Trusted at
Improve Security
Attackers can use ill-gotten certificates to impersonate your website and intercept data from your customers.
You shouldn't be in the dark when this happens. Cert Spotter monitors Certificate Transparency logs and alerts you when an unauthorized certificate is issued for one of your domains, protecting you from certificate authority vulnerabilities, DNS tampering, BGP hijacking, and subdomain takeover.
Avoid Outages
Expired, revoked, or incorrectly-installed certificates cause browser errors that drive customers away from your website and cost you business.
Wouldn't you rather learn about problems before your customers notice them? Cert Spotter inventories and monitors your domain's certificates — even certificates installed by Shadow IT — and alerts you so you can fix problems before they cost you money.
We find problems that others miss
Certificates are a notoriously complex topic. You need a monitoring solution that you can trust to reliably detect obscure edge cases.
SSLMate founder Andrew Ayer has contributed to the standards for Certificate Transparency and given invited talks at Apple and Google about Certificate Transparency monitoring. His security research has led to changes in the policies for certificate issuance. When you use Cert Spotter, his expertise is put to work monitoring your certificates.
We don't bother you with false alarms
When's the last time you heard a car alarm and thought a car was being stolen?
A monitoring system that pesters you with false alarms is useless because you begin to ignore the alerts. Most Certificate Transparency monitors alert you about every single certificate for your domains, making it hard to notice when a malicious certificate is issued.
When you use Cert Spotter, you can tell us ahead-of-time about legitimate certificates or trusted certificate authorities, and we won't alert you about certificates matching your specification. When you do receive an alert, you'll know to take it seriously.
We help you fix problems - even if you're not a certificate expert
Cert Spotter provides clear diagnostics and instructions for fixing problems, so you don't waste precious time responding to an incident.
Incorrect certificate chain installed? Cert Spotter provides a link to download the correct chain. Unauthorized certificate detected? Cert Spotter provides revocation instructions tailored for the certificate authority which issued the certificate.
Features
- Flexible Notifications Receive alerts by email, webhook, or Slack notification
- Certificate Inventory Your certificates are found and monitored automatically
- Subdomain Discovery Your subdomains are found and monitored automatically
- Web Dashboard See all your certificates and endpoints in one place
- Expiration Monitoring Get alerts when certificates haven't been renewed yet
- Installation Monitoring Correct chain, matching hostname, proper OCSP stapling, and more
- Compliance Monitoring Ensure your certs comply with browser CT policies
- Unknown Certificate Alerts Get alerts when a certificate is issued by an untrustworthy issuer
- CAA Monitoring Get alerts when a CAA record changes or a certificate violates your CAA policy
- MTA-STS Monitoring Ensure your email domains comply with MTA-STS policies
- MTA-STS Automation Effortlessly publish correct MTA-STS policies
- Monitor Multiple IPs and Ports All of an endpoints' IP addresses are monitored, and you can customize the port numbers
Plans & Pricing
Hobbyist
$15 / month
Monitor up to 20 endpointsA domain or sub-domain, such as example.com, www.example.com, or *.example.com, whose certificates are monitored
Continuous monitoringWe continuously monitor Certificate Transparency and will alert you immediately about unknown certificates for unauthorized certificates
Certificate health checksLearn about downtime-causing certificate installation problems, like a mismatched hostname or incomplete chain every hour
Monitor port 443 on one IPv4 and one IPv6 address per endpoint
30 days audit logA record of account activity, like logins, password changes, etc. retention
Startup
$100 / month
Monitor up to 150 endpointsA domain or sub-domain, such as example.com, www.example.com, or *.example.com, whose certificates are monitored
Continuous monitoringWe continuously monitor Certificate Transparency and will alert you immediately about unknown certificates for unauthorized certificates
Certificate health checksLearn about downtime-causing certificate installation problems, like a mismatched hostname or incomplete chain every 15 minutes
Monitor unlimited ports and IP addresses per endpoint
DNS provider and domain registrar integrationsCert Spotter will discover domains to automatically monitor, ensuring you are always monitoring your entire domain portfolio.
Notification by webhookCert Spotter can invoke a webhook when it detects an unknown certificate. Useful for integration with SIEMs.
Faster customer support
Route account emailsFor example, you could route invoices to your finance team, unauthorized certificate alerts to your security team, and expiring certificate alerts to your ops team. to multiple addresses
90 days audit logA record of account activity, like logins, password changes, etc. retention
Business
$500 / month
Monitor up to 1,000 endpointsA domain or sub-domain, such as example.com, www.example.com, or *.example.com, whose certificates are monitored
Continuous monitoringWe continuously monitor Certificate Transparency and will alert you immediately about unknown certificates for unauthorized certificates
Certificate health checksLearn about downtime-causing certificate installation problems, like a mismatched hostname or incomplete chain every 5 minutes
Monitor unlimited ports and IP addresses per endpoint
DNS provider and domain registrar integrationsCert Spotter will discover domains to automatically monitor, ensuring you are always monitoring your entire domain portfolio.
Notification by webhookCert Spotter can invoke a webhook when it detects an unknown certificate. Useful for integration with SIEMs.
Monitor from 10 worldwide locations
Priority customer support
Route account emailsFor example, you could route invoices to your finance team, unauthorized certificate alerts to your security team, and expiring certificate alerts to your ops team. to multiple addresses
Unlimited audit logA record of account activity, like logins, password changes, etc. retention
Enterprise
Custom
We would love to work with you to tailor a certificate monitoring solution that fits your needs.
Email us at enterprise@sslmate.com to speak with a founding engineer.