The platform

Certificate Monitoring & Compliance Management

One platform for certificate lifecycle management, TLS security analysis, attack surface visibility, and compliance reporting — built for operations and security teams.

14-day free trial  ·  Dedicated instance  ·  EU hosted

Everything you need — in one platform

From real-time certificate tracking to attack path visualization. Built as one system, not five disconnected tools.

Certificate lifecycle management

Track every certificate — expiry, chain health, revocation (OCSP), SAN validation, risk scoring and ownership across all environments (prod, pilot, test, dev).

TLS & HTTP security analysis

Detect weak protocols (TLS 1.0/1.1), deprecated ciphers, and missing security headers (HSTS, CSP, X-Frame-Options). Full A+ to F grading per endpoint.

Attack path visualization

See how CVEs, shadow assets, and open ports connect into exploitable paths from internet to critical systems. Top 50 ranked paths with evidence.

Executive reporting

Four professional report types: Executive Summary, Operational Risk, Expiry Forecast, and Change/Drift detection — print-ready for the board and audits.

ACME / Let's Encrypt automation

Automated issuance and renewal via HTTP-01 or DNS-01 challenges. Private keys encrypted at rest with AES-256-GCM. Removes the manual burden entirely.

On-premise scanning agent

Lightweight Docker agent scans internal networks behind your firewall. Outbound HTTPS only — no inbound ports, no VPN, no remote execution.

Every view you need — built-in

Operations, control, executive reporting and attack-path exploration in one unified interface.

Operations Dashboard: 12-month certificate expiry forecast with urgency colour coding and per-month drill-down.

Control Center: unified command view with security score, exposure risk, attack surface and operational health on one screen.

Executive Summary: grade distribution, 30-day trend and finding impact score. Print to PDF for board and audit reporting.

Path Explorer: visual drill-down from internet into services, CVEs and business-critical assets with evidence.

We practice what we preach

Security is not a feature added later. It's built into every line of code from day one.

Secrets encrypted at rest (AES-256-GCM)

Passwords are BCrypt-hashed. API keys and ACME private keys are AES-256-GCM encrypted. Reset tokens are SHA-256 hashed.

Zero-trust agent architecture (zero inbound)

Agents make outbound-only HTTPS calls. No inbound ports, no VPN, no remote execution capability.

Full application security hardening (CSRF + XSS)

CSRF tokens on all state-changing requests. Output escaping everywhere. Content-Security-Policy enforced.

Multi-factor auth & brute-force protection (TOTP 2FA)

TOTP 2FA with backup codes. 5 failed attempts trigger a 15-minute lockout. Constant-time comparisons prevent timing attacks.

Full audit trail (immutable)

Every admin action, login and configuration change is logged with timestamp, user and IP. Immutable audit log.

Scan internal networks without opening firewalls

Cloud-only tools miss internal assets. CertControl deploys a lightweight Docker agent behind your firewall — it scans locally and pushes only metadata outbound.

Zero Trust

Outbound HTTPS only. No inbound ports, no VPN, no remote execution.

Privacy by Design

Internal hostnames replaced with [masked] before data leaves your network.

~200 MB Docker image

Alpine-based, non-root. Runs anywhere Docker runs. No database.

Offline resilient

Local disk spool queues results when cloud is unreachable. Never lose scan data.

How the agent works

Your internal network

TLS scan · OCSP check · HTTP headers · Service fingerprint · Hostname redaction

↓  Outbound HTTPS · HMAC-SHA256 signed · mTLS optional

CertControl Cloud

Unified dashboard · Security scoring · Expiry alerts · Push config to agents

Ready to see the full platform?

Start your 14-day free trial with full access, or book a guided demo with our team.