Certstream server in Rust for real-time CT log streaming

Drop-in replacement for certstream-server and certstream-server-go. Stream certificates via WebSocket, SSE, and TCP. Monitor 60+ Certificate Transparency logs while serving 50K+ concurrent clients.

27 MB Memory (idle)
8.4ms Avg latency
48.6K/s Throughput
23% CPU (500 clients)
docker run -d -p 8080:8080 reloading01/certstream-server-rust:latest

What you get

Built for security teams, researchers, and developers who need reliable CT monitoring

Multi-protocol streaming

WebSocket, SSE (Server-Sent Events), and raw TCP. Pick the protocol that fits your stack. SSE for browsers, TCP for pipelines.

State persistence

Resume from last position after restart. No certificate loss during maintenance or updates. Configurable state file.

Connection limiting

Per-IP and total connection limits. Production-ready protection against abuse.

Token authentication

Bearer-token-based auth for API access control. Multiple tokens supported. Configurable header name.

Hot reload config

Config changes apply without restart. File watcher detects updates. Zero-downtime configuration.

CT log health

Automatic retry with exponential backoff. Circuit breaker for unhealthy logs. Configurable health thresholds.

Prometheus metrics

Built-in /metrics endpoint. Connection counts per protocol, message throughput, CT log health.

Performance

Load tested with 500 concurrent WebSocket clients for 60 seconds (2 CPU cores and 2 GB RAM per container).

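| Metric              | Rust    | Go     | Elixir |
|---------------------|---------|--------|--------|
| Memory (idle)       | 27 MB   | 49 MB  | 230 MB |
| Memory (under load) | 198 MB  | 309 MB | 649 MB |
| CPU (under load)    | 23%     | 34%    | 206%   |
| Throughput          | 48.6K/s | 27K/s  | 19K/s  |
| Avg latency         | 8.4ms   | 9.2ms  | 26.8ms |
| P99 latency         | 172ms   | 187ms  | 297ms  |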

Rust vs Elixir: 8.5x less memory, 2.5x higher throughput. Rust vs Go: 1.6x less memory, 1.8x higher throughput.