Real-Time Certificate Info — 5,560,000,000 KeyChest Index

Dan Cvrcek
Cyber Shards
Published in
2 min readSep 10, 2018

We have finally completed a GLOBAL certificate look-up table for real-time notifications in our re-designed KeyChest service. KeyChest has been using an external service to check for new certificates. This has become unsustainable due to the number of users and certificates we monitor.

We have seen big fluctuations in the performance of since last Autumn. It was not hard to find that this was caused by downtimes and throughput limitations of a third-party cloud service we use to look-up certificate updates.

In January, it became clear that we are not able to implement any reliable real-time notifications without our own certificate look-up tables. We have done several test runs to create such tables to learn about the CPU, disk IOs and network bandwidth needed to run such tables with our bootstrapping budget.

In July, we finally created a light-weight design, which is efficient enough to be sustainable while giving us all the information we need in almost real-time. At the moment, we update the table within 30 seconds of the primary CT Log database with our goal being 10 seconds.

The size of the lookup table has passed 5,560,000,000 entries and is constantly growing. And the speed of the growth is absolutely astonishing. The chart below shows its growth over a 30-day period.

The Growth of KeyChest Certificate Lookup Table

We are still to start properly analyzing the data, but there seems to be between 5,000,000–15,000,000 internet certificates expiring every day. It’s an astonishing number.

An easy to use, a kind of “set up and forget” service is what many of us need to stay on top of all the certificates, which are expiring every day and can take any of our web services off-line without us noticing quickly enough. — register now, a new version with real-time notifications, extended management functions and a new design is coming soon.



Dan Cvrcek
Cyber Shards

Security wizard, banking consultant, turning technology into magic and back. Past: Uni. of Cambridge, Deloitte, banks.