--- title: "SSL Certificate Manager for All Domains | WebPixie" description: "Manage SSL certificates for all your domains in one place. Track expiry dates, crypto algorithms, TLS versions, and chain status with centralized visibility." canonical: "https://webpixie.io/features/certificates-manager" source_path: "/features/certificates-manager" lang: "en" generated_by: "scripts/generate-md.mjs" --- [Back to Features](/features.md) Certificate manager # Certificate Transparency monitor for all your domains See every certificate issued for your domains and subdomains in public Certificate Transparency logs: common name, validity window, issuer, and serial number. Start monitoring free CT log inventory Subdomain discovery Free plan, no credit card Certificate monitoring is included in the free plan. [Compare all plans](/pricing.md) ### Discover subdomains you are not monitoring yet The same Certificate Transparency data reveals subdomains across your domain, collected from CT log entries and your main certificate's SANs. Add any of them to monitoring in one click. ## How the Certificates Manager works The Certificates Manager periodically pulls public Certificate Transparency (CT) logs for each domain you monitor and lists every certificate seen for it and its subdomains. For each entry you get the common name, identity (SAN), validity window (not before and not after), issuer, and serial number. CT logs record every certificate issued by every public CA, so this is where you catch a certificate you did not expect: a mistaken issuance, a compromised CA, or an unauthorized certificate for your brand. CT data is shown for review; the alerts come from SSL monitoring. It is enabled automatically when SSL monitoring is on, with nothing extra to install. The per-site certificate checks (chain, expiry, TLS, cipher) live in SSL monitoring; the Certificates Manager is the CT-log view across your domains and subdomains. 01 ### See every certificate issued for your domain A Certificate Transparency log inventory Certificates can be issued for your domain by any public CA, from anywhere. The Certificates Manager lists every certificate seen in CT logs for your domain and its subdomains, each with its common name, SAN, validity window, issuer, and serial number, so you have one place to review what exists. 02 ### Spot unexpected or unauthorized issuance Catch a certificate you did not request An attacker who obtains a valid certificate for your domain can impersonate your site convincingly. Because CT logs are public and complete, a certificate you did not request shows up here, so you can investigate a mistaken issuance, a compromised CA, or an outright unauthorized certificate. 03 ### Discover subdomains from your certificates Surfaced from CT logs and certificate SANs The same CT data reveals subdomains you may not be monitoring yet, collected from CT log entries and the SANs on your main certificate. Each discovered subdomain comes with an Add Site action, so turning a discovery into a monitored site is one click. 04 ### Works with SSL monitoring Enabled automatically, no separate setup The Certificates Manager turns on with SSL monitoring, with nothing extra to configure. The per-site chain, expiry, TLS, and cipher checks live in SSL monitoring; the Certificates Manager is the Certificate Transparency view that sits alongside them. ### See all your certificates in 60 seconds Free plan, no credit card. Included on every plan. [Start monitoring free](https://app.webpixie.io/app?lang=en&utm_source=website&utm_medium=website_link&utm_campaign=features_certificates_manager&utm_content=mid_cta) ## Everything you need to monitor a website. In one workspace. A quick look at other WebPixie features. Certificates See every certificate and its expiry in one place. Currently viewing [Uptime](/features/uptime-monitoring.md) Catch downtime first with multi-region and keyword checks. Learn more [Domain](/features/domain-monitoring.md) Never be caught off guard by a domain renewal or transfer. Learn more [DNS](/features/dns-monitoring.md) Spot unexpected DNS and DNSSEC changes with daily checks. Learn more [SSL](/features/ssl-monitoring.md) Get warned 15 days before certificates expire, with daily SSL checks. Learn more [Link Crawler](/features/link-crawler.md) Find broken links before your visitors do. Learn more [Main Page Analyzer](/features/main-page-analyzer.md) Find what slows down or breaks your homepage. Learn more [Indexability](/features/indexability-checker.md) Check whether search and AI engines can access your content. Learn more [Incidents](/features/incident-management.md) Track failures from detection to resolution in one place. Learn more [API](/features/api-integration.md) Automate monitoring with the GraphQL and REST API. Learn more [Workspaces](/features/workspace-management.md) Organize monitoring and bring your team into one workspace. Learn more ## Why teams choose WebPixie for certificate management ### Set up in 60 seconds No agent to install. The Certificates Manager turns on with SSL monitoring; add a domain and WebPixie pulls its Certificate Transparency history. ### Your whole site in one workspace The certificate inventory sits next to uptime, SSL, DNS, domain, and link health, with one dashboard across all of them. ### Built on SSL monitoring Per-site validation and expiry alerts come from SSL monitoring; the Certificates Manager is where you review the Certificate Transparency inventory. ### Frequently Asked Questions Common questions about the certificate manager. ### What certificate details does WebPixie surface? WebPixie surfaces certificate validity, chain trust, expiration, TLS configuration, and ownership details for each monitored site. [SSL monitoring](/features/ssl-monitoring.md) extracts the full certificate chain from leaf to intermediate to root, then verifies cryptographic signatures for RSA and EC/ECDSA certificates. It also reports TLS version, cipher suite, key exchange, key strength, Subject Alternative Names, OCSP and CRL endpoints, and Extended Key Usage OIDs. Expiration tracking is included, with default warnings 15 days before a certificate expires so teams have time to renew. SSL check failures and expiration events can create incidents through [incident management](/features/incident-management.md), depending on your plan. Teams managing several domains can use the [Certificates Manager](/features/certificates-manager.md) to keep certificate status centralized across domains and subdomains. ### Can I track SSL certificate status? Yes, WebPixie tracks SSL certificate status, expiration, trust chain, and TLS configuration for monitored sites. [SSL monitoring](/features/ssl-monitoring.md) runs daily checks that validate the full certificate chain from leaf to intermediate to root, verify cryptographic signatures, and inspect TLS version, cipher suite, key exchange, and key strength. WebPixie also surfaces Subject Alternative Names, OCSP and CRL endpoints, and Extended Key Usage OIDs; Certificate Transparency entries are available in the Certificates Manager. Expiration alerts are sent by default 15 days before a certificate expires, giving your team time to renew before visitors see browser warnings. SSL check failures and expiration events can create tracked incidents through [incident management](/features/incident-management.md), depending on your plan. If you manage several domains or subdomains, use the [Certificates Manager](/features/certificates-manager.md) to keep certificate health centralized. ### How does WebPixie use Certificate Transparency logs? The [Certificates Manager](/features/certificates-manager.md) periodically pulls Certificate Transparency logs for each domain you add and lists the certificates issued for it and its subdomains. For every certificate it shows the common name, the identity or SAN, the validity window, the issuer, and the serial number, so you have a running record of what has been issued in your name. Certificate Transparency is a public, append-only log that certificate authorities write to when they issue a certificate, which makes it possible to spot issuance you did not expect. This is different from [SSL monitoring](/features/ssl-monitoring.md), which validates the certificate your own site actually serves; the Certificates Manager watches what exists in the public record. It is enabled automatically when SSL monitoring is active, and you can compare plan limits on the [pricing page](/pricing.md). ### Will I receive a warning before my SSL certificate expires? Yes, WebPixie checks SSL certificates daily and sends expiration warnings by default 15 days before renewal is due. [SSL monitoring](/features/ssl-monitoring.md) reads the certificate chain, verifies trust, checks the expiration date, and surfaces details such as issuer, subject names, TLS version, cipher suite, and OCSP and CRL endpoints. Early warning matters because an expired certificate can trigger browser security warnings, block customer trust, and make checkout, login, or form submission feel unsafe. If a certificate check fails or expiration reaches an alert threshold, WebPixie can notify your team and, on supported plans, create an incident through [incident management](/features/incident-management.md). Teams with several domains or subdomains can use the [Certificates Manager](/features/certificates-manager.md) to keep certificate status visible in one place. ### Can WebPixie detect unexpected certificates issued for my domain? Yes. Because the [Certificates Manager](/features/certificates-manager.md) reads Certificate Transparency logs, it surfaces certificates issued for your domain and subdomains even when they were not requested through your own process. An unexpected certificate can signal a misconfiguration or an unauthorized issuance, and seeing it in the log is the first step to acting on it, so you can tell a legitimate renewal from something that warrants review. The same data set powers subdomain discovery: subdomains found in Certificate Transparency logs and in your main certificate's SANs are listed with an action to start monitoring each one. WebPixie reports what the public record shows; it does not issue, renew, or revoke certificates, which stays with your certificate authority. This complements the per-site checks in [SSL monitoring](/features/ssl-monitoring.md), and you can compare plan limits on the [pricing page](/pricing.md). [See all FAQs](/resources/faq.md) ### Ready to see every certificate? Free plan, no credit card. Certificate Transparency log inventory across all domains. [Start monitoring free](https://app.webpixie.io/app?lang=en&utm_source=website&utm_medium=website_link&utm_campaign=features_certificates_manager&utm_content=bottom_cta) [See all features](/features.md) ## Source Attribution This file is automatically generated by WebPixie AI and summarizes publicly available content from WebPixie pages. Authoritative details should always be verified from the original URLs.