Certificate City

Distributed TLS Certificate Monitoring.

This project is available to try out at certificate.city.

Description

Certificate City is my reimagining of the perfect certificate monitoring service, and there's now a public site at certificate.city where you can test arbitrary publicly accessible certs. While I haven't added most of the features I want yet, the big idea is to plug a gap in the market that we've found at Dstny: we have hundreds of 90-day certificates that are managed by an automated process, and our existing monitoring solution is based on legacy software that needs replacing. Most monitoring solutions are too limited, either because they test HTTPS only or because they cap the number of regularly tested certificates at a hundred or so.

Screenshot of the public interface for a certificate.city result.

Implementation

Originally I wanted to implement Certificate City using a RabbitMQ message broker to distribute requests from a single backend to lots of fetching "probes". I found this to be too inflexible though, and explored other options, finally settling on a simple Redis pub/sub setup. The frontend is SvelteKit and the API is Mojolicious (Perl), both frameworks that I love using. The infrastructure is configured by Ansible.


Future Work

This is the project that I would be most likely to turn into a real product to advertise to business customers, instead of eventually open-sourcing it. There's lots of scope to build in value-add features, several of which I've listed on the front page of the website. If you agree and you think it's a service that you would use, either at home or at work, please get in touch: the email address is on the home page of this site.