Real-time Certificate Transparency log streaming

Drop-in replacement for certstream-server. Streams via WebSocket, SSE, and TCP. Server-side filtering, 60+ CT logs, handles 50K+ concurrent clients.

~12 MB Memory (idle)
0.33ms Min latency
50K+ Max clients
~6% CPU (500 clients)
docker run -d -p 8080:8080 reloading01/certstream-server-rust:latest

What you get

Built for security teams, researchers, and developers who need reliable CT monitoring

Multi-protocol streaming

WebSocket, SSE (Server-Sent Events), and raw TCP. Pick the protocol that fits your stack. SSE for browsers, TCP for pipelines.

Server-side filtering

Filter by domain, issuer, or log source with regex. Exclude patterns supported. Reduce bandwidth at the source.

State persistence

Resume from last position after restart. No certificate loss during maintenance or updates. Configurable state file.

Rate & connection limiting

Configurable rate limits per second with burst. Per-IP and total connection limits. Production-ready protection.

Token authentication

Bearer token based auth for API access control. Multiple tokens supported. Configurable header name.

Hot reload config

Config changes apply without restart. File watcher detects updates. Zero-downtime configuration.

CT log health

Automatic retry with exponential backoff. Circuit breaker for unhealthy logs. Configurable health thresholds.

Prometheus metrics

Built-in /metrics endpoint. Connection counts per protocol, message throughput, CT log health.

Performance

Load tested with 1,000 concurrent WebSocket clients (same machine, same conditions)

| Metric | Rust | Go |
| --- | --- | --- |
| Memory (idle) | ~12 MB | ~100 MB |
| Memory (avg under load) | 22 MB | 254 MB |
| CPU (avg under load) | ~15% | ~34% |
| Latency (avg) | 3.4ms | 31ms |
| Latency (min) | 0.16ms | 1.7ms |
| Throughput | 677K msg | 267K msg |

Rust: 12x less memory, 9x lower latency, 2.5x higher throughput.

Use cases

How teams use certificate transparency monitoring

Phishing detection

Monitor new certificates for lookalike domains. Catch typosquatting and homograph attacks before they become active threats.

Brand monitoring

Track certificates mentioning your brand, trademarks, or product names. Get notified of potential impersonation attempts.

Security research

Analyze certificate issuance patterns, CA behavior, and the overall SSL ecosystem. Build datasets for academic research.

Compliance

Monitor certificate lifecycle across your organization. Track issuance, expiration, and ensure proper certificate hygiene.
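
An added example for the phishing-detection use case above (not code from this project): a consumer-side check that flags lookalike names in certstream-format JSON messages. It assumes the `message_type` / `data.leaf_cert.all_domains` layout of the original certstream-server; the brand `examplebank`, the owned-domain list and the sample message are constructed, and the confusables map is a small illustrative subset.

```python
import json

WATCHED = {"examplebank"}    # hypothetical brand label to protect
OWNED = {"examplebank.com"}  # hypothetical domains the brand really owns
# Small illustrative look-alike map (Cyrillic letters, digits); not a full Unicode table.
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0440": "p", "\u0441": "c", "0": "o", "1": "l"})

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return why a domain resembles a watched brand, or None if it does not."""
    name = domain.lower().removeprefix("*.")  # wildcard SANs cover the same name
    if any(name == d or name.endswith("." + d) for d in OWNED):
        return None
    try:
        name = name.encode("ascii").decode("idna")  # xn-- labels back to Unicode
    except UnicodeError:
        pass  # malformed IDN: fall back to matching the raw string
    for label in name.split("."):
        skeleton = label.translate(CONFUSABLES)
        for brand in WATCHED:
            if brand in skeleton:
                return "lookalike characters" if skeleton != label else "brand keyword"
            if edit_distance(skeleton, brand) == 1:
                return "typosquat"
    return None

def suspicious_domains(raw_message):
    """Parse one certstream-format JSON message into [(domain, reason), ...]."""
    msg = json.loads(raw_message)
    if msg.get("message_type") != "certificate_update":
        return []  # heartbeats carry no certificate
    domains = msg.get("data", {}).get("leaf_cert", {}).get("all_domains", [])
    return [(d, reason) for d in domains if (reason := classify(d))]

# Constructed sample message; the IDN uses Cyrillic U+0430 in place of Latin "a".
IDN = "exampleb\u0430nk.com".encode("idna").decode("ascii")
SAMPLE = json.dumps({"message_type": "certificate_update", "data": {"leaf_cert": {"all_domains": [
    "www.examplebank.com", "examp1ebank.net", IDN, "exmplebank.org",
    "*.examplebank-login.example", "unrelated.example"]}}})
```

Feed each message received from the stream to `suspicious_domains`; matches are triage leads and still need review against an allowlist of legitimate partners and resellers.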