Certi: Your Python-Based SSL Transparency Log Monitoring Tool

Tomer Klein
3 min read · Oct 23, 2023

Introduction

Certi is a powerful Python-based SSL Transparency log monitoring tool designed to help you keep track of your issued SSL certificates. In this guide, we’ll explore what certificate logs are, the features of Certi, the components and frameworks it uses, its limitations, and the supported notification services. Additionally, we’ll provide you with a step-by-step installation guide and explain how to manage the application effectively. By the end of this guide, you’ll be well-equipped to utilize Certi for SSL certificate monitoring.

How-to Guide: SSL Certificate Monitoring with Certi

Understanding Certificate Logs

Certificate logs are append-only ledgers that record issued certificates. They are distributed, independent, and verifiable by monitors. Anyone with the technical skills can run a certificate log, making it accessible to domain owners, browsers, academics, and more. Certificate logs allow analysis and monitoring of certificate issuance, including the Certificate Authorities (CAs) involved, issuance times, and associated domains.

Exploring Certi’s Features

Certi offers the following features:

  • Monitoring all your domains for certificates.
  • Receiving alerts through multiple communication channels using Apprise.
  • Managing your domains via a REST API with Swagger documentation included.

Components and Frameworks

Certi utilizes the following components and frameworks:

  • Loguru for logging.
  • FastAPI for the REST API.
  • Apprise for notifications.

Understanding Limitations

Certi relies on the sslmate search API, which has some limitations. These limitations include:

  • 100 single-hostname queries per hour.
  • 10 full-domain queries per hour.
  • 75 queries per minute.
  • 5 queries per second.

Keep these limits in mind so that your scans do not exceed what the search API allows.
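To see what these quotas mean for a single scan, the following added example (not part of Certi or the original article) plans the send time of each query so that every limit holds at once. It assumes the quotas are rolling windows, that the per-minute and per-second quotas are shared by both query types, and that each monitored name costs one query; `QuotaPlanner` and its methods are hypothetical names.

```python
# Quotas quoted above for the sslmate search API: (max queries, window in seconds).
# Assumption: rolling windows; per-minute and per-second quotas are shared
# by single-hostname and full-domain queries.
SHARED = [(75, 60.0), (5, 1.0)]
HOURLY = {"hostname": (100, 3600.0), "domain": (10, 3600.0)}


class QuotaPlanner:
    """Client-side sliding-window planner (hypothetical helper, not Certi code)."""

    def __init__(self):
        self.sent = {"hostname": [], "domain": []}  # send times, ascending

    @staticmethod
    def _earliest(times, limit, window, now):
        # Queries still inside the window (now - window, now].
        recent = [t for t in times if t > now - window]
        if len(recent) < limit:
            return now
        # Wait until enough of the oldest queries have left the window.
        return recent[len(recent) - limit] + window

    def next_slot(self, kind, now):
        """Earliest time >= now at which one more `kind` query fits every quota."""
        all_times = sorted(self.sent["hostname"] + self.sent["domain"])
        while True:
            t = self._earliest(self.sent[kind], *HOURLY[kind], now)
            for limit, window in SHARED:
                t = max(t, self._earliest(all_times, limit, window, t))
            if t == now:
                return now
            now = t  # a quota pushed us later: re-check all quotas there

    def plan(self, kinds, start=0.0):
        """Return the send time (seconds from start) of each query, in order."""
        out, now = [], start
        for kind in kinds:
            now = self.next_slot(kind, now)
            self.sent[kind].append(now)
            out.append(now)
        return out


if __name__ == "__main__":
    # Constructed input: twelve full-domain entries scanned back to back.
    print(QuotaPlanner().plan(["domain"] * 12))
```

With twelve full-domain entries, the first ten queries fit into the first two seconds and the last two have to wait a full hour, so the hourly full-domain quota, not SLEEP_TIME alone, bounds how many such entries one scan can cover.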

Supported Notifications

Certi supports various notification services. Here are some popular services that can be used:

Installation with Docker Compose

You can install Certi using Docker Compose. Create a docker-compose.yml file with the following configuration:

version: "3.6"
services:
  certi:
    image: techblog/certi
    container_name: certi
    restart: always
    ports:
      - "8081:8081"
    environment:
      - API_KEY=
      - SLEEP_TIME=
      - NOTIFIERS=
      - LOG_LEVEL=
    volumes:
      - ./data:/opt/certi/db

Don’t forget to fill in your API_KEY, set SLEEP_TIME, and specify your NOTIFIERS. Mount the volume for the application database to prevent data loss.

Environment

  • API_KEY — API key for sslmate search API.
  • SLEEP_TIME — Time between scans, in seconds (default is 7200, which is 2 hours). The pause between scans helps prevent exceeding the search API limits.
  • NOTIFIERS — List of Supported Notifications
  • LOG_LEVEL — Optional values are: DEBUG (default), INFO, ERROR

Managing the Application

Certi provides a REST API endpoint for easy management. The default port is 8081. You can access Swagger documentation by adding “/docs” to the end of the URL (e.g., http://docker:8081/docs). The API includes endpoints for managing domains and certificates, such as adding, deleting, and updating domain status.

Summary

Certi is a versatile SSL certificate monitoring tool based on Python. It allows you to monitor SSL certificate issuance and ensures the security of your certificates. In this guide, we covered the basics of certificate logs, explored Certi’s features, examined its components and frameworks, noted its limitations, and discussed supported notification services. We also provided a step-by-step guide for installation and managing the application via its REST API. With Certi, you can proactively manage your SSL certificates and maintain a secure online environment.
