Certificate Transparency Log Search
What Is Certificate Transparency?
Certificate Transparency (CT) is a security framework created by Google that requires Certificate Authorities (CAs) to publicly log every SSL/TLS certificate they issue. These logs are append-only, publicly auditable records that anyone can search and monitor. CT was designed to solve a critical problem: before its introduction, there was no reliable way to detect when a CA issued an unauthorized certificate for a domain.
The CT system works through a network of publicly operated log servers. When a CA issues a certificate, it must submit it to one or more CT log servers, which return a Signed Certificate Timestamp (SCT) as proof of inclusion. Modern browsers require certificates to include SCTs to be considered trusted. Since 2018, Chrome requires all new certificates to be logged in at least two CT logs, and other browsers have adopted similar requirements.
Monitoring CT logs is important for security-conscious domain owners. If a Certificate Authority is compromised, coerced, or mistakenly issues a certificate for your domain, the CT log will reveal it. This allows you to detect the unauthorized certificate quickly and take action: contact the CA to revoke it, investigate how it was issued, and implement additional protections like CAA (Certificate Authority Authorization) DNS records that restrict which CAs can issue certificates for your domain.
Our tool searches CT logs via the crt.sh database, which aggregates certificate data from multiple CT log servers. Results show all certificates ever logged for a domain, including the issuing CA, common name, Subject Alternative Names, and validity dates. This is useful for security auditing, discovering subdomains (since SANs are included in certificates), and verifying that your certificate renewals are working correctly.
After searching CT logs, verify your current certificate with our SSL Checker, check your domain expiry date, or look up registration details with WHOIS Lookup.
Frequently Asked Questions
What is Certificate Transparency?
Certificate Transparency is a framework requiring CAs to publicly log every certificate they issue. These append-only logs allow domain owners to monitor and detect unauthorized certificate issuance.
Why should I monitor CT logs for my domain?
Monitoring helps detect unauthorized certificates. If a CA is compromised or tricked, CT logs reveal the fraudulent certificate so you can take action before it is used for phishing or interception.
What information does a CT log entry contain?
Each entry includes the common name, SANs, issuing CA, validity period, public key, and signature algorithm. This helps verify only authorized certificates exist for your domain.
Are all SSL certificates in CT logs?
Since 2018, all major browsers require CT logging for trust. Virtually all publicly trusted certificates appear in CT logs. Older certificates and private CA certificates may not be included.