How Cert Spotter Helps

Cert Spotter tracks your organization's certificates to enhance your reliability and security.

Stop Data Theft from DNS Tampering and BGP Hijacking

Although HTTPS is an encrypted protocol, its security rests on two unencrypted protocols: BGP and DNS. Even if you have perfect HTTPS, an attacker who can subvert DNS or BGP can obtain trusted certificates for your domain and intercept all traffic between your customers and your website, exposing your business to liability and reputational damage.

BGP and DNS both have a history of subversion. In 2018, a BGP hijack of Amazon's Route 53 DNS service was used to steal cryptocurrency. In 2019, US-CERT detected a global campaign to hijack DNS infrastructure.

After compromising DNS or BGP, attackers must request a publicly trusted certificate so they can intercept traffic to your site without triggering browser warnings. Cert Spotter detects and notifies you when an unknown certificate is issued, allowing you to respond and remediate the compromise. The Department of Homeland Security requires that all federal agencies use a Certificate Transparency monitor such as Cert Spotter to detect DNS infrastructure tampering.

Avoid Outages and Instability Caused By Shadow IT

It has happened to nearly every large enterprise: a well-meaning but hurried employee needs to launch a service, but instead of using the company's official vendor, gets the certificate for the service directly from another vendor, possibly for free. Everything works fine at first, but when the certificate expires, expiration reminders are sent to the employee's email address, which might be unmonitored if the employee has left the company. The result is an expired certificate, causing an outage, loss of business, and bad publicity.

Cert Spotter will inventory the certificates for your domains so you can find certificates that were issued outside your normal process - before they expire and cause an outage.

Even before a certificate expires, it might need to be replaced because it's using an out-of-date security standard or was issued by a distrusted certificate authority. Cert Spotter can help you find these certificates and replace them before browsers start rejecting them.

Prevent Reputational Damage from Sub-Domain Takeover

Phishers and malware distributors often take over sub-domains of reputable websites and use them to host their campaigns, taking advantage of the site's reputation to make their campaigns more effective. Failure to shut down a sub-domain takeover can severely tarnish your reputation and affect search engine rankings as your business becomes associated with fraud.

Cert Spotter detects and notifies you about certificates issued to rogue sub-domains, allowing you to shut down sub-domain takeover before your reputation suffers.

Reduce Your Risk From Insecure Certificate Authorities

There are over a hundred certificate authorities that are trusted to issue certificates for any domain on the Internet. Even if you choose a top-tier certificate authority, an attacker can exploit a less rigorous certificate authority to obtain unauthorized certificates for your domain, and there is a long history of failures by certificate authorities. Once they've obtained a certificate for your domain, the attacker can impersonate your site and steal the data transmitted by your customers, exposing your business to liability and reputational damage.

Cert Spotter can detect and notify you when a certificate is issued by an unauthorized certificate authority, allowing you to quickly respond to the attack.

Start Monitoring with Cert Spotter Today

Better visibility means better uptime and security. Cert Spotter gives you the visibility you need for your certificates.
