CertHawk

CertHawk is a web app with an optional lightweight desktop/agent component that continuously inventories TLS certificates across internal networks, load balancers, APIs, VPN gateways, and shadow IT endpoints. It discovers certs by scanning IP ranges, parsing traffic from supported proxies, and integrating with common certificate stores and cloud load balancers. It then maps each certificate to owners, services, and renewal paths, and alerts on expirations, weak ciphers, misissued certs, and broken intermediate chains. The focus is operational reality: messy environments, unknown owners, and multiple CAs. It provides actionable runbooks (who to contact, where the cert lives, how it’s deployed) rather than generic “rotate your cert” advice. This is not a full PKI platform; it’s a pragmatic certificate visibility and outage-prevention tool for small-to-mid security and network teams.
