Any sufficiently complicated SSL certificate renewal system contains an ad hoc, informally-specified, bug-ridden, slow implementation of half a certificate lifecycle manager. I’m taking credit for this one.
In this post we’ll build a Clickhouse database schema to store billions of Certificate Transparency Log entries.
In this post we’ll write Golang code to pull Certificate Transparency Log entries and process them at scale.
Every TLS certificate ever issued for a domain is recorded in public Certificate Transparency logs. Here’s how to search them to find mis-issued certificates, unauthorized changes, or infrastructure you didn’t know existed.