Check, watch, and plan for 100% HTTPS uptime

Loading...

Welcome to KeyChest

KeyChest of Enigma Bridge is the tool you need to stay on top of all your certificates and your boss, if you have any. You can use KeyChest to plan your renewals, get your weekly inventory summary and present your certificate KPIs (key performance indicators) to your boss or your team.

We don’t mind if you use KeyChest for your web servers, email servers, web services, or to keep your infrastructure running.  We treat all certificates equal, whether you paid $500 for each, got them free from Let's Encrypt, or created them yourself.

When you create an account, you can quickly populate your dashboard using domain names with wildcards to search for server and print the first set of KPIs within minutes.

 

Spot check

  • expiration date / validity of a certificate on the server
  • certificate chain completeness
  • correct name in the certificate
  • SSL/TLS version - it should be TLS version 1.2
  • HTTP Strict Transport Security (HSTS) flag from web servers
  • time gaps in certificates over the last 2 years
  • certificate neighbors - other domain names in the server’s certificate

Dashboard (subject to change)

  • plan for next 28 days
  • monthly certificate renewal estimates for next 12 months
  • incidents - servers without a valid certificate
  • certificate inventory over the last 12 months
  • several certificate statistics (issuers, domains per certificate, legacy certificates)
  • weekly emails with important indicators and tasks for next 28 days
  • tbd

Road map milestones

  • Dashboard launched - 27 Jun 2017
  • Bulk import and auto discovery of sub-domains - 10 July 2017
  • Strategy for enterprise version published - 14 July 2017
  • RESTful API, integrations - ?? August 2017
  • Dashboard update according to feedback - ?? August 2017
  • Enterprise version - ?? September 2017

Letsencrypt users seem to like letsmonitor.org - here’s how we compare

The following table compares features of KeyChest with Letsmonitor.org.

Feature

letsmonitor.org

keychest.net

Primary focus

networking
security

Views

rule-per-server views
all-in-one view

Adding new items

one server at a time
domains (with wildcards)

Tests

servers directly
CT logs (certificate transparency), and servers (optional)

Frequency

hourly
weekly and on demand

Emails

certs - once before expiration
weekly - inventory and planner for all certs

Monitoring

150+ stations
centrally, 1+ instances, additional instances for availability

Security tests

simple
  • certs expiry on selected servers
deployed, CT logs, cross-checking
  • expiry of deployed certs
  • all issued certs
  • difference between issued and effective certs

Will we ever charge you for this service?

Our plan is to keep this service free, including evolutionary features. We have some thoughts about subscriptions, but these will be only for substantial extensions of KeyChest, and customization of this service for on-premise monitoring of your internal infrastructure.

Enterprise version will evolve around features, which make sense for large companies: on-premise instances, user/role management, monitoring "sub-spaces", independent scanning agents, and security policies for internal certificates.

Get in touch if you want to chat. 

Feel free to email us at keychest@enigmabridge.com, if you have in mind particular details of a feature you’d like to see.

We are Enigma Bridge Ltd, 20 Bridge St, Cambridge, CB2 1UF, United Kingdom and we read keychest@enigmabridge.com
Terms of Service | Privacy Policy

Spot check is a powerful tool for quick assessment of the SSL/TLS configuration of your servers.

It resolves the DNS name you provide and runs a series of tests against that IP address - no automatic redirect, but it shows a redirect, if detected, so you can quickly run another check against the detected server.

The list of spot check tests: