Certificate Transparency (CT) is an open framework of logs, monitors, and auditors created to help domain owners oversee digital certificates issued for their brands. CT logs help domain owners protect their brand by providing a way to find misissued or rogue certificates more easily. Certificate-issuing entities, like CAs, log certificates to comply with standards.
Meeting Certificate Transparency Compliance
CT strengthens the SSL/TLS certificate system by creating publicly auditable records of certificate issuance. Since 2015, Google has required CAs to log EV certificates to public CT logs. As of April 2018, Google required CAs to log OV and DV certificates as well.
As of February 1, 2018, DigiCert has been publishing all newly issued public SSL/TLS certificates to public CT logs. This change did not affect any OV or DV certificates issued before February 1, 2018. More details »
The Many Benefits of Certificate Transparency
CT helps detect unauthorized certificates in a few hours instead of days, weeks, or months. Domain owners can identify any certificates issued without express approval or outside their domain policy.
Using CT helps users identify which certificates require revocation, allowing them to quickly communicate with the issuing CA and shortening the process for revoking a certificate.
CT gives public insight into the SSL/TLS system, giving anyone the ability to observe and verify the system’s health and integrity. Users can also see differences in issuance processes between CAs.
By providing transparency into the certificate issuance process and informing users about issued certificates, CT strengthens the chain of trust and makes online browsing safer for all everyone.
DigiCert & Certificate Transparency
DigiCert supports CT. Earlier detection of misissued certificates is important for server operators and users. As such, CT is a significant improvement for the industry and highlights CAs using good certificate issuance practices. We will always follow the highest standards for verifying identities and issuing high-assurance digital certificates.