Certificate Transparency (CT) is an open framework that was created to help domain and brand owners identify certificates that are issued for their domains. It helps domain owners monitor the use of certificates, verify that internal policies are being followed by server operators, and verify that any Certificate Authorities (CAs) issuing certificates for their domain(s) were properly authorized by the organization.

The CT framework includes certificate logs, monitors, and auditors. Each piece interoperates to strengthen the SSL Certificate system by providing a publicly auditable record of certificate issuance.

Benefits of Certificate Transparency

Earlier Detection

CT will help detect unauthorized certificates in a few hours instead of days, weeks, or months. Domain owners can identify any certificates issued without express approval or outside their domain policy.

Faster Mitigation

Using CT will help users identify which certificates require revocation, allowing them to quickly communicate with the issuing CA. This will shorten the process for revoking a certificate.

Better Insight

CT gives public insight into the TLS/SSL system, giving anyone the ability to observe and verify the system’s health and integrity. Users will also see the difference in issuance practices between CAs.

Stronger Security

By providing transparency into the certificate issuance process and informing users about issued certificates, CT strengthens the chain of trust and makes online browsing safer for all everyone.

DigiCert and Certificate Transparency

DigiCert supports CT and considers it to be a significant improvement in the industry. We hope that it becomes adopted for all certificates.

DigiCert maintains a robust security infrastructure and follows the highest industry standards in verifying identities and issuing high-assurance SSL/TLS Certificates. Although DigiCert’s high assurance services are designed to prevent misissuance and provide a high degree of validation, we understand the importance of early detection for server operators and users alike.

DigiCert believes that more efforts like CT are important to highlight CAs and help them stand out for their good certificate issuance practices.