We have released a new verion of CertAlert that makes certificate discovery even faster. Please give it a try and let us know what you think. 

-- Phil

CertAlert will, of course, find and monitor certificates used to secure  HTTPS, SMTPS, LDAPS, POP3S etc. It will now also discover and monitor SSL/TLS certificates used with the STARTTLS SMTP extension as described in RFC 3207.  See this new article we've just put up: Checking STARTTLS SMTP Certificates With CertAlert for more details.

-- Phil

The SSL certificate you want to check may not always be on the default https port of 443. For example, you may wish to check your LDAP server's certificate on port 636. SSL Checker now allows you to specify the port by using any of the following formats:

• http://imap.aol.com:993
• imap.aol.com:993
• http://www.amazon.com (will use the default 443 port)

Please don't hesitate to ask if you would like to see other features added to SSL Checker.

--Phil

Just to let you know, we've made some updates recently to the SSL Certificate Discovery and Monitoring tool. These include:

•     Pre Check option which can speed up the discovery phase
•     Including the certificate in reports is now configurable
•     Tidied up some configuration settings

We have updated SSL Cert Checker, our combined SSL Checker, Certificate Discovery, and Certificate Monitoring Tool. In response to requests, it now supports sending expiry alerts and reports via authentciated SMTP servers. If you would like to try it out, please use this request form or drop us an email. 

-- Phil

Cert Checker, our SSL certificate discovery and monitoring tool, has been updated so that its output can now be imported into Cert Centre, our certificate management product. Once the certificate details have been imported into Cert Centre you will have a consolidated view of your certificates across multiple CAs. Cert Centre also allows non SSL certificates to be imported making it much easier to track all types of X.509 certificates from a single dashboard. 

-- Phil

Do you know if any of your deployed certificates contain Debian weak keys? We have added a short article to the Cert Logik web site describing what methods are available to help you find Debian weak keys within CSRs, certificates, and also within SSL certificates installed on your network.

-- Phil

We've just added a video of our web based Bulk SSL Checker to the Cert Logik website. The Bulk SSL Checker tool is simple to use:

1. Create an account (so we can email you the results)

2. Log in

3. Upload a text file containing the list of the hostnames you want to check - each hostname should be on a separate line

That's it. Once we've processed your file, we'll email you the results. 

-- Phil

In response to user requests, we've added a couple of small features to our certificate expiry checker. The first feature allows you to locate the file that contains the list of servers or IPs to scan for certificates in a different location to the certificate monitor itself. You can, of course, still scan for certificates by IP range if you prefer. The second feature allows certificate expiry alerts and certificate expired alerts to be sent to a different email address than the SSL certificate report itself. This may be useful if you would like to have expiry alerts go straight to the helpdesk while only sending certificate reports to the IT security team for example.

-- Phil

To make it even easier to view the results from an SSL certificate scan, we are bundling a lite version of our Cert Centre product with our SSL Certificate Discovery and Certificate Monitoring products. Below is a screenshot from Cert Centre Lite: