Certificate Transparency Required for EV Certificates to Show Green Address Bar in Chrome

Google announced that they will require Certificate Transparency (CT) for all EV certificates issued after January 1, 2015. If a CT proof is not included either in the Certificate or as part of an OCSP stapled response, the EV certificate will not display the green address bar in Chrome.

Migration to CT

Before January 1, Google will whitelist all existing EV certificates so they continue to show the green bar. This means that websites that already have an EV certificate are free to continue using their certificate without a logged timestamp.

EV certificates issued after January 1 must include a set number of proofs from a CT log server or they will not show the green bar. A one year EV certificate requires two proofs while a two year EV certificate requires at least three proofs.

Since November, 2013 DigiCert customers have had the option of enabling CT on any DigiCert certificate issued. And, starting December 23, all new EV certificates issued by DigiCert will include the required number of proofs by default.

What Do I Need to Do?

If you have an existing EV certificate that is publicly accessible you do not need to take any action. Your certificate will be whitelisted in Chrome and will continue to show the green bar. If your certificate is internal or is is not publicly accessible it will not be included.

If you plan on ordering an EV certificate after January 1, 2015 and want your site to show the green address bar, you must log your cert with an approved CT log server. DigiCert operates a log server and will use its log servers along with ones operated by Google and other reputable sources.

If you are a DigiCert customer, your EV certificate will have a CT proof embedded by default. If you wish to change your certificate to an OCSP stapled proof rather than the default embedded proof you can do so by contacting customer support.

If you are not a DigiCert customer, we recommend that you contact your Certificate Authority to ask if they support CT and if they can enable it for your certificate.

Certificate Transparency and DigiCert

Certificate Transparency is a Google initiative created to log, audit, and monitor all public SSL Certificates. CT makes it possible to detect SSL Certificates that have been mistakenly issued or maliciously acquired.

DigiCert sees CT as an important step toward enhancing online trust and has been working closely with Google to help CT become a reality.