Diagnostic suite · live

Certificate Transparency Search

Every TLS certificate ever issued for a domain, straight from the public CT logs. Great for finding forgotten subdomains and spotting unauthorized issuance.

Certificate Transparency Search queries the public CT logs (via crt.sh) to return every publicly-trusted TLS certificate that has ever been issued for a domain. Since 2018, Chrome and other major browsers refuse to trust any publicly-issued certificate that is not logged, so CT is effectively a global, tamper-evident ledger of the entire public TLS ecosystem — a gold mine for reconnaissance, incident response, subdomain discovery, and detection of unauthorized certificate issuance.

For each certificate we show the common name, issuing CA, validity window, the number of Subject Alternative Names, and a direct link to the full record on crt.sh. Because SANs are indexed, requesting a domain with 'include subdomains' will surface hostnames you may have forgotten about — dev, staging, internal-*.example.com, one-off marketing subdomains — anything that has ever received a certificate. That's often the fastest way to enumerate the true attack surface of a target.

Combine CT Search with our CAA Lookup (which CAs are allowed to issue) and SSL Checker (what's live right now) for a complete picture of your TLS story. Security teams use it to spot mis-issuance immediately; DevOps teams use it to inventory certificates before a CA migration; bug-bounty hunters use it to discover overlooked hosts.

How to use this tool

  1. 1Enter the required value in the input field above (domain, IP, URL, or text depending on the tool).
  2. 2Click the action button to run the check — results are computed instantly from our edge network.
  3. 3Review the parsed output, key fields and any warnings shown in the result card.
  4. 4Copy the result, share the page URL, or jump to a related tool from the sidebar to continue debugging.

Key features

  • Every certificate ever logged, straight from crt.sh
  • Optional subdomain expansion for full attack surface
  • Issuer breakdown — spot rogue CAs at a glance
  • Active vs expired badge on every row
  • Direct crt.sh deep-link on each certificate ID
Related searches: crt.sh alternative · certificate transparency search · subdomain enumeration ct logs · find all ssl certs for domain · ct log lookup · public tls certificate history

Frequently asked questions

Certificate Transparency (RFC 6962) is an open framework where every publicly-trusted TLS certificate must be logged to append-only public ledgers. Browsers refuse untrusted certs, and anyone can audit issuance in real time.