Compare the certificate customers can receive
Domain Trust Watch compares the latest successful check with the previous certificate for that monitor. The diff focuses on fields teams review after renewals, CDN changes, and load-balancer updates.
- Issuer, serial number, SAN list, and fingerprint.
- Validity window, chain depth, and validation state.
- Probe failures that explain why the certificate could not be read.
| Field | Before renewal | After check | Why review it |
|---|---|---|---|
| Issuer | R3 | E6 | Confirms whether the expected CA or platform issued the served certificate. |
| SANs | www.example.com, example.com | example.com only | Catches missing hostnames before clients see mismatch errors. |
| Fingerprint | 4F:91:... | A8:22:... | Proves the public endpoint actually changed certificates. |
| Validity | Expires Jun 18 | Expires Sep 16 | Shows whether the public result moved to the new renewal window. |
| Chain depth | 3 | 2 | Flags intermediate-chain changes that may affect older clients. |
| Validation | Valid | Hostname mismatch | Separates successful renewal from an unsafe public binding. |