DigiCert is the first Certificate Authority to enable compatibility with Google's Certificate Transparency initiative.
Last month, we announced our plans to implement Certificate Transparency (CT) and committed to offer customers the option of adding certificates to Certificate Transparency logs by the end of October. Today, we are pleased to announce that we met this goal.
The DigiCert CA platform can now issue certificates that are logged in Google’s Certificate Transparency public log servers. During the initial phase of Certificate Transparency implementation, registration with a Certificate Transparency log is optional.
Customers who wish to enable Certificate Transparency support for their certificates can do so by contacting our 24 hour customer support team, the process of enabling Certificate Transparency for SSL takes just a few minutes. By opting in, customers can test and prepare their environments prior to when Certificate Transparency becomes mandatory for publicly trusted certificates in Chrome.
Once Chrome requires Certificate Transparency for all certificates, it will be enabled by default for all DigiCert customers. Certificate Transparency is important for several reasons which is why DigiCert has made considerable efforts to be the first CA with Certificate Transparency compliance.
Because Certificate Transparency requires that certificates be added to a public log, it provides an early detection system by which rogue, mis-issued or other problem certificates can be identified and mitigated quickly. This could include detecting interference by third-parties such as nation states within the certificate ecosystem.
Certificate Transparency may very well even discourage would-be attackers.
For customers opting in to Certificate Transparency, DigiCert will send a pre-certificate sent to a log server that keeps track of the certificate contents. The log server returns a “signed certificate timestamp” (SCT) that can either be embedded in the official certificate or provided by other means.
The SCT serves as a pointer to where that certificate was registered in the log, providing insight on what the CA issues. In essence, CT shines a light on CA practices and permits monitoring of deployed certificate resources, which is essential in detecting and mitigating SSL/TLS threats.
At DigiCert, trust and security are the fundamental building blocks of our business and trust on the Internet. That’s why we have invested a considerable amount of time and resources into the CA/Browser Forum, IETF, and other industry standards groups that are working to create better security practices and higher standards online safety.
DigiCert is also involved in ongoing efforts with independent groups, like the Online Trust Alliance, focused on educating everyone on SSL and the benefits it provides. Our wide range of online tools are designed to simplify deployment of SSL, making best security practices easy to implement.
We applaud Google for its forward-thinking work with Certificate Transparency and pledge our continued support of scalable and practical enhancements to online security. We hope that by embracing Certificate Transparency early, we can help encourage others to do likewise and move Certificate Transparency closer to widespread adoption.
You can learn more more information about DigiCert and our efforts to implement and enable Certificate Transparency on the DigiCert site.