Certificate Transparency Logs

Every SSL/TLS certificate ever issued for a domain, sourced from public CT logs — use it for subdomain discovery, CA auditing and expiry monitoring.

Direct TLS probe (~3s) + full history via crt.sh • Includes subdomains • Results deduplicated

Establishing secure TLS connection…
Analysing certificate transparency records for
Live certificate handshake & validation
Retrieving full issuance history from CT logs
Analysing certificates & compiling intelligence
Live certificate available in ~3s • complete history may take up to 40s

What We Analyse

5 intelligence layers

CT Log Inspector retrieves every SSL/TLS certificate ever issued for a domain from public Certificate Transparency logs, combined with a live TLS probe of the current active certificate.

Live TLS Probe
Direct TLS handshake to port 443 fetches the currently active certificate in real time, with full chain details, fingerprint and expiry.
CT Log History
Full issuance history sourced from crt.sh — every certificate ever logged for the domain, including expired and revoked ones.
SAN Coverage
Lists all Subject Alternative Names per certificate — useful for subdomain discovery, wildcard coverage auditing and attack surface mapping.
Issuer & CA Chain
Shows the full certificate authority chain: leaf certificate, intermediate CA(s), and root CA — confirming trust hierarchy and issuer legitimacy.
Validity & Expiry
Parses valid-from and not-after dates for every certificate, highlights expired or imminently expiring certs, and calculates days remaining.