Certificate Transparency maintains publicly accessible logs listing TLS/SSL certificates, giving IT teams a way to track all the certificates associated with their domains. Until recently, searching CT logs has been difficult and costly, but Facebook’s new tool makes it easier for IT teams to find certificates they didn’t know about.
The previously internal-only Certificate Transparency Monitoring Developer tool lets anyone search major public CT logs for all certificates issued against a particular domain. Site owners can sift through the search results to identify certificates that were unknown (but are still legitimate) and flag those that were fraudulently or mistakenly issued so that they can be revoked.
