Front End Interface for Google Certificate Transparency Monitoring
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
app
bin
config
db
lib
log
public
test
.gitignore
.travis.yml
Gemfile
Gemfile.lock
LICENSE.txt
README.md
README.rdoc
Rakefile
config.ru

README.md

ct_advisor_int

Build Status

ct_advisor is a proactive alerting tool for Google's Certificate Transparency.

Google offers a number of great options for an administrator to utilise this feature. Unfortunately being an early adopter, particularly if you run Windows servers or run SSL on appliances, makes it difficult to take advantage of this service.

As an alternative option, this service continually polls the CT log, and will trigger alerts if a certificate is ever registered for your domain, by any CA in the CT program. This can be used to identify fraudulent certificates.

This image this ct_advisor in action:

CT Advisor Email

ct_advisor_int is the front-end interface, which manages signups and unubscriptions, to the database shared with the backup.

The backend source code can be found here

This service is running live and, unless you are interested in development, users are encouraged to use my existing service in place of running it themselves.

Setup

The following items must configured in .env:

DEV_DB_PASS=xx
TEST_DB_PASS=xx
SMTP_HOST=xx
SMTP_USER=xx
SMTP_PASS=xx
RECAPTCHA_SITE_KEY=xx
RECAPTCHA_SECRET_KEY=xx

Management

Start:

RAILS_ENV=production puma -C config/puma/production.rb

Uninterupted restart:

kill -s SIGUSR2 `cat tmp/pids/puma.pid`

Contributing

  • In line with the above, potential contributors should be aware I am unlikely to merge and changes relating to features that I won't be using.
  • Complex functions must include tests
  • Leave your politics at the door