Public handshake only
The service checks public hostnames from outside your infrastructure and reports the certificate state presented during the TLS handshake.
- Use it for hostnames reachable from the public internet.
- Confirm what customers and API clients can receive from the hostname.
- Run the free checker when you need a one-time public read.
| Area | What Domain Trust Watch uses | What it does not need |
|---|---|---|
| Certificate checks | Public TLS handshakes and certificate metadata. | Private keys, SSH access, or server credentials. |
| Alert delivery | Configured email, Slack incoming webhook, or signed webhook destinations. | Access to inboxes, Slack workspaces, or internal systems beyond the destination URL. |
| Webhook signing | Generated signing secret for receiver verification. | Unsigned trust in payload source. |
| Workspace access | Owner, admin, and member roles. | Shared passwords or unmanaged access. |
| Support | Hostname, workspace, event, delivery, or import context. | Passwords, private keys, or certificate procurement credentials. |