PostgreSQL Support for Certificate Transparency Logs Now Available

57 points | tracymiranda | 1 year ago | blog.transparency.dev

21 comments

chatmasta|1 year ago

Semi-relatedly, you can connect to the crt.sh Postgres instance and query it directly with SQL:

    psql -h crt.sh -p 5432 -U guest certwatch

To generate the SQL queries in the web UI, simply click “advanced” and then the “Show SQL” checkbox, or append it to the URL, like so:

    https://crt.sh/?q=www.comodo.com&showSQL=Y

(Note the generated SQL at the bottom of that page.)

Steampipe also has a crt.sh connector: https://hub.steampipe.io/plugins/turbot/crtsh/tables/crtsh_c...

politelemon|1 year ago

This title reads strange to me, as though postgres certificates, used when connecting using TLS, will be visible in the CTL.

Better would be: CTL can now use a postgres backend.

bawolff|1 year ago

> However, a CT log failure earlier this year due to MariaDB corruption after disk space exhaustion provided the motivation for a change. PostgreSQL, with its robust Write-ahead Logging (WAL) and strict adherence to ACID (Atomicity, Consistency, Isolation, Durability) principles, made it a better option for avoiding corruption and improving data integrity of the log.

This sounds incredibly suspicious to me. I wonder which storage engine they were using or if there was any unusual configuration that contributed to this issue.

remram|1 year ago

> a CT log failure earlier this year due to MariaDB corruption after disk space exhaustion provided the motivation for a change.

nijave|1 year ago

That seems like a rather serious bug. Disappointing there's not more follow-up with MariaDB.

dboreham|1 year ago

Translation: we had data loss and had to change storage provider to one that works.

phoronixrly|1 year ago

Where works means "does not eat data"... A very basic requirement for storage :)

westurner|1 year ago

Are there Merkle hashes between the rows in the PostgreSQL CT store like there are in the Trillian CT store?

Sigstore Rekor also has centralized Merkle hashes.

sluongng|1 year ago

Doesn’t Rekor run on top of Trillian?