Category Archives: Generator Labs

Monitoring Internal and Private CA Certificates with Generator Labs

Leave a reply

External certificate monitoring works well for public-facing infrastructure, but it has an obvious blind spot: it can’t reach anything inside your private network. Internal APIs, databases with TLS-encrypted connections, mail servers on non-public ports, self-signed certificates, and infrastructure issued by a private CA all go completely unmonitored. Those certificates still expire. When they do, the failures tend to be worse, because internal services rarely have the same visibility as public ones.

Generator Labs internal certificate monitoring solves this with a lightweight on-premise agent you deploy as a Docker container inside your network.

How It Works

Diagram showing the Generator Labs private monitoring agent connecting internal hosts to the platform over outbound HTTPS

The agent runs inside your private network, connects to your internal hosts, retrieves their certificates, and reports the data back to the Generator Labs platform over outbound HTTPS. No inbound firewall rules are required. Private keys never leave your network. From the platform’s side, internal monitors look and behave exactly like external ones.

What It Can Monitor

The agent connects to any TLS endpoint your network can reach:

  • Internal web servers and APIs
  • Databases with TLS connections (PostgreSQL, MySQL, MongoDB, Redis)
  • Internal mail servers (SMTP, IMAP, POP3 with STARTTLS or implicit TLS)
  • IoT devices and embedded systems serving TLS on custom ports
  • Any service running TLS on any port

It runs the same eight checks as external monitoring: expiration, chain integrity, hostname validation, CA trust, revocation, fingerprint changes, flapping, and CAA records.

Private CA Support

If your internal certificates are issued by a private CA, you can import that CA’s root certificate into the platform. The agent then validates certificate chains all the way to your private root, so chain integrity checks work correctly for internally-issued certificates, not just publicly-trusted ones.

Alerts

All the same notification channels are available: email, Slack, PagerDuty, Discord, webhooks, AWS SNS, and more. Internal certificate expiration or chain failures trigger the same alert pipeline as any other monitoring event.

Getting Started

The agent is open source and available at github.com/generator-labs/agent. Deploying it takes a few minutes: pull the Docker image, set your API credentials as environment variables, and configure the hosts you want to monitor. Full setup instructions are on the internal certificate monitoring page.

Generator Labs: Blacklist and Certificate Monitoring for Email and Infrastructure Teams

Leave a reply

Generator Labs provides infrastructure monitoring for teams that need to stay ahead of two specific problems: IP and domain blacklistings that kill email deliverability, and SSL certificates that expire without warning. Both products run in the same portal, so you manage everything in one place.

Blacklist Monitoring

Blacklist monitoring runs continuous checks of your IPv4 addresses, IPv6 addresses, and domains against hundreds of RBL and URIBL data sources. The moment a listing is detected, alerts go out through whatever channels you have configured: email, SMS, Slack, Discord, PagerDuty, or webhooks.

Coverage is the differentiator. Free one-shot tools check a handful of the major lists. Generator Labs checks well over a hundred data sources on a schedule, including 30+ premium sources on Enterprise and Ultimate plans that free tools do not cover. You get notified when something changes; you are not logging in to run a manual check.

Other features worth knowing:

Full IPv6 support. IPv4 and IPv6 addresses are both monitored across all plans. As more mail infrastructure goes dual-stack, IPv6 blacklisting is a real and growing issue that most monitoring tools still treat as secondary.

Shareable public reports. Every monitored host gets a public report URL you can hand to a client, ISP, or manager without giving anyone portal access.

REST API. Full programmatic access to monitoring data and controls, with client libraries for PHP, Node.js, and Python.

Generator Labs RBL Monitoring hosts list

Blacklist Monitoring Pricing

  • Free: 1 host, 48-hour check interval, 100+ data sources. Free forever, no credit card required.
  • Professional: $8/month for 20 hosts at 24-hour intervals.
  • Enterprise: $16/month for 50 hosts at 12-hour intervals, premium data sources, custom run times.
  • Ultimate: $0.005 per check, unlimited hosts, custom intervals, all premium sources.

The Ultimate pay-per-check plan scales cleanly for larger deployments. Running 50 hosts daily against 150 data sources works out to roughly $11/month.

Certificate Monitoring

Certificate monitoring tracks SSL/TLS certificate expirations across your domains and sends alerts before anything expires. Add your domains, set alert thresholds, and the service runs automatically from there.

Both publicly-trusted and private or internal CA certificates are supported, which matters for teams running internal infrastructure that does not go through a public CA. Certificate expiry causes outages that are entirely preventable; automated monitoring removes the spreadsheet tracking and calendar reminders that most teams fall back on.

Generator Labs Certificate Monitoring monitors list

Monitoring profiles let you define reusable alert configurations across multiple monitors. Set custom expiration alert windows (5, 15, 30, 60 days, or any combination you need), choose which failure types trigger alerts, and assign private CAs or internal monitoring agents. One profile can cover dozens of monitors.

Generator Labs Certificate Monitoring add profile dialog

Certificate Monitoring Pricing

Certificate monitoring is priced at $0.01 per host per day, with no fixed tiers. You pay for what you monitor and can add or remove domains at any time.

Who It Is For

  • Email service providers and hosting companies monitoring large IP ranges
  • IT and security teams who need immediate notification when a host gets listed
  • Organizations managing many domains who need certificate expiry visibility without manual tracking
  • Developers who want API access to monitoring data for automation or integration

Get Started

Generator Labs offers continuous blacklist monitoring and certificate monitoring with solid alert coverage and a complete API. The free tier is a real free tier. Sign up at portal.generatorlabs.com to get started, no credit card required.

Python SDK for the Generator Labs REST API

Leave a reply

We’re extremely excited to announce the release of the office Generator Labs Python SDK. Developers can us this simple wrapper library to integrate all the features of the Generator Labs API into their existing processes.

Installation

The Python SDK can be installed via the Python package manager:

pip install generatorlabs

Or if you prefer, you can clone the source code from the official GitHub repository.

API Access Token

To authenticate API requests, you must use the Account SID and Access Token, available from the Account -> API Access section of the Generator Labs Portal.

Example Usage

Using the Python SDK only requires a few lines of code. In this example, we’ll request a list of hosts from our account:

import generatorlabs

try:
 client = generatorlabs.Client('Your Account SID', 'Your Auth Token')

data = client.hosts.get();

except generatorlabs.GeneratorLabsException as err:
 print(err)

In this example, we’ll start a manual check process, using the real-time check features of the Generator Labs API:

import generatorlabs

try:
 client = generatorlabs.Client('Your Account SID', 'Your Auth Token')

data = client.check.start({

"host": "10.10.10.11",
 "callback": "https://your.website.com/callback.php",
 "details": 1
 });

except generatorlabs.GeneratorLabsException as err:
 print(err)

See our API Reference for a complete list of all the Python SDK features.

Generator Labs – Updated Two-Factor Authentication

Leave a reply

Your account security is extremely important to us here at Generator Labs. Since our initial inception, we’ve supported two-factor authentication using the Clef application, which provided an easy-to-use two-factor authentication, and single sign-on application.

With the recent news that Clef will be shutting down its services in early June (you can read all about it on the Clef blog), we’ve opted to remove support for it early, and implement an alternative two-factor authentication option using TOTP (Time-Based One-Time Passwords), a standard that won’t be going anywhere anytime soon.

TOTP uses an algorithm to compute a one-time password, based on a shared secret and the current time. One benefit of TOTP, is that the 6-digit authentication token that is generated automatically rolls over with time, which dramatically reduces the susceptibility to phishing schemes.

There are many freely available TOTP clients, but Generator Labs recommends the Google Authenticator application, available for free, for Android, iOS, and Blackberry devices. You can learn more about it here:

https://support.google.com/accounts/answer/1066447?visit_id=1-636261663713116260-4136591499&hl=en&rd=1

Two-factor authentication is available today, and can optionally be enabled on any account on the Generator Labs system. For a complete tutorial on setting up two-factor authentication, see the Setting up Two-Factor Authentication guide.

Blacklist Monitoring for Cloud Hosting

Leave a reply

Originally Posted on Blacklist Monitoring with Generator Labs.

Since our inception, we’ve helped thousands of companies and individuals, from all around the world, stay on top of day-to-day threats related to their email and websites. Recently, with the addition of our Facebook Threat Exchange monitoring, we’re helping those same customers battle social media related threats.

Some of our earliest customers have been cloud hosting and cloud computing companies- companies that provide the backbone of the Internet as we know it today.

Cloud Hosting Providers

One specific challenge with this type of company, is the sheer number of IP addresses and domains to monitor, and the regular re-use of these IP addresses. The last thing you want, is a brand new customer getting an IP address that is already blacklisted because of something the last owner did.

Another key challenge, is making sure that resources are used “only as needed”. Let’s face it- you don’t want to pay to monitor hosts that aren’t being used- and you shouldn’t have to.

We offer a few key features that makes blacklist monitoring for cloud hosting providers, easier and more affordable.

IP Range Host Type

Normally customers add IP addresses and domains (aka “Hosts”) to the Generator Labs portal individually. If you have 10 to 15 Hosts, this isn’t really a big deal. You can add hosts using our bulk loader, or individually. You can also add Hosts as a range or CIDR block (x.x.x.x/y).

But what if you have thousands of Hosts to monitor? At some point it’s going to become unwieldy to provision, and impossible to manage.

To support this, we built a custom “IP Range” Host type. This lets you add IP addresses as a range or CIDR block, but rather than thousands of IP addresses showing under your account, a single Host entry is shown. Our system will still monitor every single IP address individually– but the full block of IP addresses can be managed as a single entry.

So whether you have a few /24’s or a whole /18- you can easily manage the full IP block with ease.

API Provisioning

Loading all your IP addresses into the system is great, but what if you only want to monitor a sub-set of those hosts? Or if you only want to enable monitoring for hosts that are currently in-use?

Several of our customers have opted to integrate with our web-based API, to provision monitoring on IP addresses as they’re allocated to their customers. That way only active IP addresses are being monitored. This ensures that you’re only paying for monitoring that matters- that will actually impact your business or your customers.

The Generator Labs API is easily integrated into any provisioning or monitoring platform, with just a few simple lines of code:

# wget --post-data="type=rbl&name=Test&host=10.10.10.10" -qO- https://portal.generatorlabs.com/api/host/add.json?api_token=x

{
    "status_code": 200,
    "status_message": "Hosts added successfully.",
    "data": [
        {
            "id": "37c46a725dd8adab28d35b9f200c198d",
            "host": "10.10.10.10",
            "name": "Test"
        }
    ],
    "version": "2.0"
}

Easily enable monitoring on a Host when it’s allocated to a customer, and then disable it when it’s de-allocated- it’s a simple as that.

Contact Groups

When we identify an issue with any of your Hosts, we’ll immediately notify you via several different notification methods. These contacts can be broken down into custom contact groups, and assigned to Host. The end result, is that you can have a unique contact for every host under your account:

Cloud Hosting companies can optionally send alerts directly to their customers, notifying them about issues with their IP addresses and domains, and alleviating some of the burden from their network operations staff.

We regularly add new features and tools to make managing and provisioning monitoring services, easier and more effective for our customers.