Certificate Transparency (CT) is an open framework of logs, monitors, and auditors created to help domain owners oversee digital certificates issued for their brands. CT logs help domain owners protect their brand by providing a way to find misissued or rogue certificates more easily. Certificate-issuing entities, like CAs, log certificates to comply with standards.
Meeting Certificate Transparency Compliance
CT strengthens the SSL certificate system with publicly auditable records of certificate issuance. Google has required CAs to log EV certificates for CT since 2015. And in a new announcement, CAs will need to log all publicly trusted certificates starting in April 2018.
If interested, certificate owners can have CT enabled for any certificate in their account right now. Contact Support for more information.
The Many Benefits of Certificate Transparency
CT helps detect unauthorized certificates in a few hours instead of days, weeks, or months. Domain owners can identify any certificates issued without express approval or outside their domain policy.
Using CT helps users identify which certificates require revocation, allowing them to quickly communicate with the issuing CA and shortening the process for revoking a certificate.
CT gives public insight into the SSL/TLS system, giving anyone the ability to observe and verify the system’s health and integrity. Users can also see differences in issuance processes between CAs.
By providing transparency into the certificate issuance process and informing users about issued certificates, CT strengthens the chain of trust and makes online browsing safer for all everyone.
DigiCert & Certificate Transparency
DigiCert supports CT. Earlier detection of misissued certificates is important for server operators and users. As such, CT is a significant improvement for the industry and highlights CAs using good certificate issuance practices. We will always follow the highest standards for verifying identities and issuing high-assurance digital certificates.