-
Indeed, a CT monitor which sends alerts about legitimate certificates is pretty much useless due to noise. My service, Cert Spotter, provides an API endpoint[1] which you can upload your CSRs to, so you don't get alerted about certificates using the same key as the CSR. The open source version of Cert Spotter can invoke a script[2] when a certificate is discovered, and the script can cross reference against a list of legitimate certs.
[1] https://sslmate.com/help/reference/certspotter_authorization...
[2] https://github.com/SSLMate/certspotter/blob/master/man/certs...
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
Is it just me, or would a recurring RIPE Atlas measurement be a great way to detect fuckery like this?
https://atlas.ripe.net/
-
check_ssl_cert
A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
https://github.com/matteocorti/check_ssl_cert