Changelog

New updates and improvements at Cloudflare.

Subscribe to RSS
View all RSS feeds

← Back to all posts

Certificate Transparency Insights in Cloudflare Radar

Aug 06, 2025

Radar

Radar now introduces Certificate Transparency (CT) insights, providing visibility into certificate issuance trends based on Certificate Transparency logs currently monitored by Cloudflare.

The following API endpoints are now available:

• /ct/timeseries: Retrieves certificate issuance time series.
• /ct/summary/{dimension}: Retrieves certificate distribution by dimension.
• /ct/timeseries_groups/{dimension}: Retrieves time series of certificate distribution by dimension.
• /ct/authorities: Lists certification authorities.
• /ct/authorities/{ca_slug}: Retrieves details about a Certification Authority (CA). CA information is derived from the Common CA Database (CCADB) ↗.
• /ct/logs: Lists CT logs.
• /ct/logs/{log_slug}: Retrieves details about a CT log. CT log information is derived from the Google Chrome log list ↗.

For the summary and timeseries_groups endpoints, the following dimensions are available (and also usable as filters):

• ca: Certification Authority (certificate issuer)
• ca_owner: Certification Authority Owner
• duration: Certificate validity duration (between NotBefore and NotAfter dates)
• entry_type: Entry type (certificate vs. pre-certificate)
• expiration_status: Expiration status (valid vs. expired)
• has_ips: Presence of IP addresses in certificate Subject Alternative Names (SANs) ↗
• has_wildcards: Presence of wildcard DNS names in certificate SANs
• log: CT log name
• log_api: CT log API (RFC6962 ↗ vs. Static ↗)
• log_operator: CT log operator
• public_key_algorithm: Public key algorithm of certificate's key
• signature_algorithm: Signature algorithm used by CA to sign certificate
• tld: Top-level domain for DNS names found in certificates SANs
• validation_level: Validation level ↗

Check out the new Certificate Transparency insights in the new Radar page ↗.