(Pre)certificates Observed | |
---|---|
Issuances Observed | |
Revocations Observed | |
Log Entries Downloaded | |
STHs Audited | |
SCTs Audited | |
Disk Space Used | GB |
Logs Monitored By SSLMate
SSLMate downloads the log lists published by Apple, Chrome, and Android and monitors all logs which are Qualified, Usable, or ReadOnly on any platform. SSLMate monitors both RFC 6962 and static-ct-api logs. This ensures that any certificate accepted by Apple, Chrome, Android, Firefox, or Edge (the latter two use Chrome's log list) will be detected by the Certificate Search API or Cert Spotter. If we encounter a problem monitoring a log, we report it to Apple and Chrome so that the log can be repaired or distrusted as appropriate.
To broaden our coverage, we may monitor additional logs on a best-effort basis if they contain unexpired, publicly-trusted SSL certificates. We do not monitor logs which are intended for private or non-SSL certificates.
Log Name | Size | Download Backlog | Verify Backlog | Ingest Rate | get-sth Error Rate (1 day) | get-sth Error Rate (7 days) | get-sth Error Rate (90 days) | |
---|---|---|---|---|---|---|---|---|
OPML Meta-Feed of all Log Error Feeds | CSV of Logs Known to SSLMate
Logs Previously Monitored By SSLMate
These logs are no longer monitored by SSLMate, but any unexpired certificates in these logs are still available through the Certificate Search API or Cert Spotter.
Name | Downloaded Entries |
---|---|
Glossary
- Issuances Observed: The number of distinct certificate/precertificate pairs that have been ingested by SSLMate. You can search these (pre)certificates using the Certificate Search API or Cert Spotter.
- Download Backlog: The number of entries which are in the log but which haven't been downloaded by SSLMate. These (pre)certificates are not yet available from the Certificate Search API or Cert Spotter unless SSLMate has downloaded them from a different log.
- Verify Backlog: The number of entries which are in the log but which haven't been verified by SSLMate as being part of a signed tree head.
- Ingest Rate: The number of log entries per second that SSLMate is ingesting from the log.
- get-sth Error Rate: The percentage of get-sth or checkpoint calls which were unsuccessful. SSLMate makes a get-sth or checkpoint call to every log every 5 minutes. Logs frequently have transient errors, so a non-zero error rate is not a cause for concern. If the error rate is 100%, then SSLMate may not know the true size of the log, which we will investigate.
Error Feed
To help log operators detect problems with their logs, SSLMate publishes an Atom feed for every log (linked above) that reports the following problems:
- Error downloading, parsing, or authenticating an STH or checkpoint.
- Error downloading or parsing entries from get-entries or data tiles.
- Error downloading or parsing issuers (static-ct-api only).
- The entries from get-entries or the data tiles do not produce the root hash indicated by an STH/checkpoint.
Note that SSLMate doesn't submit (pre)certificates, request proofs, or download non-data tiles (log integrity is verified by hashing the leaves from get-entries or the data tiles), so problems with those log endpoints aren't reported.
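The root-hash check described above, sketched as an added example (not SSLMate's code): it recomputes the RFC 6962 Merkle tree hash from downloaded leaves and compares it with the root in an STH or checkpoint. The names `StreamingRoot` and `audit` are hypothetical, and each entry is assumed to be the already-serialized leaf bytes.

```python
import hashlib

def leaf_hash(entry: bytes) -> bytes:
    # RFC 6962 section 2.1: leaves are hashed with a 0x00 prefix.
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # Interior nodes use a 0x01 prefix, so a leaf can never pass as a node.
    return hashlib.sha256(b"\x01" + left + right).digest()

class StreamingRoot:
    """Computes the Merkle tree hash one entry at a time in O(log n) memory."""

    def __init__(self):
        self.stack = []   # (hash, height) of complete subtrees, left to right
        self.size = 0

    def add(self, entry: bytes) -> None:
        h, height = leaf_hash(entry), 0
        # Merge equal-height neighbours into the next larger complete subtree.
        while self.stack and self.stack[-1][1] == height:
            left, _ = self.stack.pop()
            h, height = node_hash(left, h), height + 1
        self.stack.append((h, height))
        self.size += 1

    def root(self) -> bytes:
        if not self.stack:
            return hashlib.sha256(b"").digest()   # hash of the empty tree
        root = self.stack[-1][0]
        # Fold the remaining subtrees right to left (non-power-of-2 sizes).
        for left, _ in reversed(self.stack[:-1]):
            root = node_hash(left, root)
        return root

def audit(entries, tree_size: int, root_hash: bytes):
    """Return None if entries reproduce the tree head, else an error string."""
    tree = StreamingRoot()
    for entry in entries:
        tree.add(entry)
    if tree.size != tree_size:
        return f"got {tree.size} entries, tree head covers {tree_size}"
    if tree.root() != root_hash:
        return f"root hash mismatch at tree size {tree_size}"
    return None

# Constructed sample input: seven opaque entries standing in for leaf bytes.
SAMPLE = [b"constructed-entry-%d" % i for i in range(7)]
```

A single altered, missing, or reordered entry changes the computed root, which is why hashing the leaves alone is enough to detect a log serving entries inconsistent with its tree head.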