Platform · Trust Monitoring

Detect broken trust before users do.

By Updated

A non-expired certificate can still be broken — incomplete chains, revoked status, weak crypto, untrusted roots. MachineCert verifies trust across every certificate chain and flags failures before they reach the browser.

Scan your domain Book a demo
Chain validationRevocation checksWeak-crypto detection
trust monitor · acme-corp2 trust issues
Chain complete*.acme.comvalid
Revocationvpn.corprevoked
SHA-1 signaturelegacy.acmeweak
OCSP staplingapi.acme.comvalid
The problem

Valid isn’t the same
as trusted.

Expiry is only one way a certificate fails. Chain, revocation, and crypto problems break trust while the certificate still looks “valid.”

Incomplete chains

A missing intermediate makes a valid cert fail in some clients.

Revoked but live

A revoked certificate still served is a real security gap.

Weak cryptography

SHA-1 and short keys are technically valid but untrustworthy.

Untrusted roots

Certs chaining to the wrong root break trust silently.

How it works

Validate the whole
chain of trust.

1
Validate chain

Walk each cert’s chain to a trusted root.

2
Check revocation

Query CRL and OCSP for revoked status.

3
Inspect crypto

Flag weak algorithms and short keys.

4
Score & alert

Roll trust into the risk score and notify owners.

Architecture

Continuous trust
validation.

Trust checks
Certificateleaf · subject · SANs
Intermediate CAchain path · signature
Root CAtrusted anchor
Validation Statusrevocation · crypto · trust
Trust enginevalidate · score · alert
Output
Risk scoretrust factored in
Trust alertsowner notified
Remediation listwhat to fix
What you see

Chain validation dashboard.

trust · validation · acme-corp.com5 pass · 1 review · 0 fail
CheckDetailStatus
Leaf certificateCN=acme-corp.com · SAN · valid 90dpass
Intermediate CADigiCert TLS RSA SHA256 2020 CA1pass
Root CADigiCert Global Root G2 · trustedpass
RevocationOCSP · good · CRL · not listedpass
Crypto strengthRSA-2048 · SHA-256 · acceptablereview
Browser trustChrome / Firefox / Safari · trustedpass
Outcomes

Trust you can verify,
continuously.

Complete chains

Catch missing intermediates before clients do.

Revocation awareness

Find revoked certificates still in service.

Kill weak crypto

Surface SHA-1 and undersized keys to replace.

Trusted roots only

Detect certs chaining to the wrong anchor.

Trust in the score

Trust health folds into each risk score.

Fewer trust failures

No silent browser or client errors.

FAQ

Trust monitoring,
answered.

It’s continuously verifying that each certificate is actually trustworthy — its chain is complete and valid, it hasn’t been revoked, and it uses strong cryptography — not just that it hasn’t expired.
A certificate can be within its validity period yet still untrusted: a missing intermediate breaks the chain in some clients, a revoked certificate is a security risk, and weak crypto undermines the protection entirely.
MachineCert walks each certificate’s chain from the leaf up to a trusted root, confirming every link and signature is present and valid, and flags incomplete or misconfigured chains.
MachineCert queries Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP) to detect certificates that have been revoked but are still being served.
Deprecated signature algorithms such as SHA-1, undersized RSA keys, and other weak or outdated cryptography that make a certificate untrustworthy even while valid.
Yes. Chain, revocation, and crypto findings feed directly into each certificate’s 0–100 risk score, so trust problems raise priority automatically.
Yes — trust failures generate alerts routed to owners and security teams via Slack, Teams, email, SIEM, and other channels.
Many frameworks require strong cryptography and proper certificate validation. Continuous trust monitoring provides ongoing evidence that these controls are met.
Explore the platform

Related capabilities

Risk scoringTrust folds into the score.Change monitoringDetect issuance changes.Expiration monitoringCatch expiry early.For security teamsRisk before it’s an incident.What is a Certificate AuthorityRoots and chains explained.ComplianceCrypto and validation controls.
Get started

Verify trust across every cert.

Scan your domain to check chains, revocation, and crypto strength on every certificate you own.

Book a demo