New TLS certificate scanner

ShadowTrackr has been using the SSLLabs engine to scan certificates for a few years now. This has been performing consistently well until a few weeks ago.

First, performance started to drop. Then errors started appearing. Then, the errors (mostly false positives on trust issues) went away, but performance was still bad. Next, some errors reappeared again.

We strive to provide you a good service and could no longer do this with the SSLLabs engine. This weekend, the engine got swapped with a new one that is running entirely on our own servers. The SSLLabs grading scheme is still the best out there that we know of, so we do stick to that. And most of the other options are the same as well, including the reports.

Since we run the scans from our own servers now, more options are opening up. These will require some time to implement, but expect scans of certificates running on mailservers and other ports and some extra security checks somewhere in the next few months.

For now, all certificates have to be rescanned and we’ll likely have some fine-tuning to do. You might see less certificates in today’s weekly pdf due to this.