Real-Time Certificate Info – 5,560,000,000 KeyChest Index

print
We have finally completed a GLOBAL certificate look-up table for real-time notifications in our re-designed KeyChest service. KeyChest has been using an external service to check for new certificates. This has become unsustainable due to the number of users and certificates we monitor.

We have seen big fluctuations in the performance of KeyChest.net since last Autumn. It was not hard to find that this was caused by downtimes and throughput limitations of a third-party cloud service we use to look-up certificate updates.

In January, it became clear that we are not able to implement any reliable real-time notifications without our own certificate look-up tables. We have done several test runs to create such tables to learn about the CPU, disk IOs and network bandwidth needed to run such tables with our bootstrapping budget.

In July, we finally created a light-weight design, which is efficient enough to be sustainable while giving us all the information we need in almost real-time. At the moment, we update the table within 30 seconds of the primary CT Log database with our goal being 10 seconds.

The size of the lookup table has passed 5,560,000,000 entries and is constantly growing. And the speed of the growth is absolutely astonishing. The chart below shows its growth over a 30-day period.

KeyChest Certificate Look-up Table

We are still to start properly analyzing the data, but there seems to be over 1,000,000 – 2,000,000 internet certificates expiring every day. It’s an astonishing number.

KeyChest – Radical Prime – design prototypes

An easy to use, a kind of “set up and forget” service is what many of us need to stay on top of all the certificates, which are expiring every day and can take any of our web services off-line without us noticing quickly enough.

https://keychest.net – register now, a new version with real-time notifications, extended management functions and a new design is coming soon.

 


About Author

Dan Cvrcek

Co-founder of Radical Prime and Enigma Bridge. Indendent consultant on security and encryption systems (incl. large banking, payment, and enterprise systems) ... and a university professor.