hefftools.dev
Infrastructure-focused data utilities

Download Certificate Transparency Logs as Normalized JSON

ct-cert-feed publishes deterministic daily snapshots of Certificate Transparency (CT) logs, normalized into stable JSON for bulk ingestion, historical replay, and offline analysis.

  • Bulk CT log download
  • Daily deterministic snapshots
  • Normalized JSON schema
  • Replayable by date
  • No active scanning

Building a Certificate Transparency pipeline is harder than it looks

Teams that ingest CT logs directly often encounter operational complexity:

  • Fetching and paging CT log entries reliably at scale
  • Handling x509 vs precertificate entries correctly
  • Normalizing SAN DNS names and subject fields
  • Managing schema drift over time
  • Replaying CT data deterministically by date
  • Maintaining brittle parsing code across multiple logs

ct-cert-feed provides a normalized daily snapshot so your team can focus on analysis instead of maintaining CT ingestion infrastructure.

Technical guides

If you’re evaluating CT ingestion or building internally, start here:

These guides include the failure modes ct-cert-feed was built to eliminate: short reads, partial pages, retries/backoff, and x509 vs precertificate handling.

What ct-cert-feed provides

A deterministic daily snapshot of certificate lifecycle facts derived from selected public CT logs. Each record represents one CT entry.

  • CT log metadata (log name, index, timestamp)
  • Entry timestamp
  • Certificate serial number
  • Validity window (not_before, not_after)
  • Subject and issuer attributes
  • SAN DNS names
  • Public key algorithm and size
  • Signature algorithm
  • Precertificate metadata (when applicable)

The dataset contains structured facts only. No scoring or enrichment is applied.

Snapshot format

Each daily snapshot is delivered as:

records.jsonl.gz   # newline-delimited JSON (gzip)
stats.json         # totals + per-log breakdown

Designed for bulk ingestion into Postgres, analytics systems, or custom pipelines.
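
As an added example (not ct-cert-feed's own code), the sketch below streams a records.jsonl.gz snapshot into a certificate inventory for a watched domain, collapsing the precertificate and final-certificate entries that CT logs record for the same certificate. The field names entry_type, issuer, serial_number and san_dns_names are assumptions; check the published schema for the real ones.

```python
import gzip
import io
import json

# Field names below (entry_type, issuer, serial_number, san_dns_names) are
# assumptions for illustration; only not_before/not_after appear on the page.
SAMPLE_RECORDS = [  # constructed sample data, not real CT entries
    {"entry_type": "precert", "issuer": "CN=Example CA", "serial_number": "0a01",
     "san_dns_names": ["*.Corp.Example.", "corp.example"], "not_after": "2025-06-01T00:00:00Z"},
    {"entry_type": "x509", "issuer": "CN=Example CA", "serial_number": "0a01",
     "san_dns_names": ["*.corp.example", "corp.example"], "not_after": "2025-06-01T00:00:00Z"},
    {"entry_type": "x509", "issuer": "CN=Other CA", "serial_number": "0a01",
     "san_dns_names": ["login.corp.example"], "not_after": "2025-03-01T00:00:00Z"},
    {"entry_type": "x509", "issuer": "CN=Example CA", "serial_number": "0b02",
     "san_dns_names": ["notcorp.example"], "not_after": "2025-04-01T00:00:00Z"},
]

def sample_snapshot():
    """Build an in-memory stand-in for records.jsonl.gz."""
    body = "\n".join(json.dumps(r) for r in SAMPLE_RECORDS) + "\n"
    return io.BytesIO(gzip.compress(body.encode("utf-8")))

def normalize_name(name):
    """Lowercase, strip the trailing root dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def inventory(snapshot, watched_suffixes):
    """Stream a snapshot and return {(issuer, serial): summary} for matches."""
    suffixes = [normalize_name(s) for s in watched_suffixes]
    found = {}
    with gzip.open(snapshot, "rt", encoding="utf-8") as lines:
        for lineno, line in enumerate(lines, 1):
            try:
                rec = json.loads(line)
            except json.JSONDecodeError as exc:
                raise ValueError(f"malformed record on line {lineno}") from exc
            names = {normalize_name(n) for n in rec.get("san_dns_names", [])}
            hits = {n for n in names
                    if any(n == s or n.endswith("." + s) for s in suffixes)}
            if not hits:
                continue
            # Precert and final cert share issuer + serial: one inventory row.
            key = (rec["issuer"], rec["serial_number"])
            row = found.setdefault(key, {"names": set(), "entry_types": set(),
                                         "not_after": rec["not_after"]})
            row["names"] |= hits
            row["entry_types"].add(rec["entry_type"])
    return found
```

Keying on issuer plus serial rather than serial alone keeps certificates from different CAs that happen to reuse a serial number as separate rows, and matching on a dot-anchored suffix keeps look-alike names such as notcorp.example out of the inventory.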

Designed for

  • Certificate inventory systems
  • Attack surface management platforms
  • Security research teams
  • Compliance and lifecycle analytics
  • Offline CT log analysis and replay

What this is not

  • Not a TLS monitoring service
  • Not an alerting system
  • Not a vulnerability scanner
  • Not a policy enforcement engine
  • Not an active internet-wide probe

ct-cert-feed publishes normalized CT data only. Interpretation and risk analysis belong downstream.

Schema & examples

Canonical schema definitions and sample artifacts are published publicly for evaluation.

Access

Current daily snapshots are delivered via authenticated HTTPS. Stable URLs and deterministic date-based paths are provided for automation.

For licensing inquiries, email [email protected]. Include organization, intended use, and retention requirements.