| (Pre)certificates Observed | |
|---|---|
| Issuances Observed | |
| Revocations Observed | |
| Log Entries Downloaded | |
| STHs Audited | |
| SCTs Audited | |
| Disk Space Used | GB |
Logs Monitored By SSLMate
SSLMate downloads the log lists published by Apple and Chrome and monitors all logs which are considered Qualified, Usable, or ReadOnly by either platform. This ensures that any certificate accepted by those platforms' validators will be detected by the Certificate Search API or Cert Spotter. If we encounter a problem monitoring a log, we report it to Apple and Chrome so that the log can be repaired or distrusted as appropriate.
To broaden our coverage, we may monitor additional logs on a best-effort basis if they contain unexpired, publicly-trusted SSL certificates. We do not monitor logs which are intended for private or non-SSL certificates.
| Log Name | Size | Backlog | Ingest Rate | get-sth Error Rate | ||||
|---|---|---|---|---|---|---|---|---|
| Download | Verify | 1 day | 7 days | 90 days | ||||
OPML Meta-Feed of all Log Error Feeds CSV of Logs Known to SSLMate
Logs Previously Monitored By SSLMate
These logs are no longer monitored by SSLMate, but any unexpired certificates in these logs are still available through the Certificate Search API or Cert Spotter.
| Name | Downloaded Entries |
|---|
Glossary
- Issuances Observed
- The number of distinct certificate/precertificate pairs that have been ingested by SSLMate. You can search these (pre)certificates using the Certificate Search API or Cert Spotter.
- Download Backlog
- The number of entries which are in the log but which haven't been downloaded by SSLMate. These (pre)certificates are not yet available from the Certificate Search API or Cert Spotter unless SSLMate has downloaded them from a different log.
- Verify Backlog
- The number of entries which are in the log but which haven't been verified by SSLMate as being part of a signed tree head.
- Ingest Rate
- The number of log entries per second that SSLMate is ingesting from the log.
- get-sth Error Rate
- The percentage of get-sth or checkpoint calls which were unsuccessful. SSLMate makes a get-sth or checkpoint call to every log every 5 minutes. Logs frequently have transient errors, so a non-zero error rate is not a cause for concern. If the error rate is 100%, then SSLMate may not know the true size of the log, and will investigate.
Error Feed
To help log operators detect problems with their logs, SSLMate publishes an RSS feed for every log (linked above) that reports the following problems:
- Network error calling get-sth.
- The STH returned by get-sth is invalid or malformed.
- The STH returned by get-sth has an invalid signature.
- Network error calling get-entries.
- An entry returned by get-entries is invalid or malformed.
- The entries returned by get-entries do not produce the root hash indicated by an STH.
- A certificate is found that is outside the log's expiry range.
Note that SSLMate doesn't submit (pre)certificates or request proofs (log integrity is verified by hashing the results from get-entries) so problems with those log endpoints aren't reported.