Certificate Transparency (CT) is an open framework of logs, monitors, and auditors created to help domain owners oversee digital certificates issued for their brands. CT logs help domain owners protect their brand by providing a way to find misissued or rogue certificates more easily. Certificate-issuing entities, like CAs, log certificates to comply with standards.

Meeting Certificate Transparency Compliance

CT strengthens the SSL/TLS certificate system by creating publicly auditable records of certificate issuance. Since 2015, Google has required CAs to log EV certificates to public CT logs. In April 2018, Google began requiring CAs to also log OV and DV certificates to public CT logs.

DigiCert began publishing all newly issued public SSL/TLS certificates to public CT logs February 1, 2018. This change did not affect any OV or DV certificates issued before February 1, 2018.
More details »

Browsers with Certificate Transparency policies

  • As of April 2018, Google required CAs to log all SSL/TLS certificates (EV, OV, and DV).
  • As of October 15, 2018, Apple required CAs to log all SSL/TLS certificates (EV, OV, and DV).

The Many Benefits of Certificate Transparency

Earlier Detection

CT helps detect unauthorized certificates in a few hours instead of days, weeks, or months. Domain owners can identify any certificates issued without express approval or outside their domain policy.

Faster Mitigation

Using CT helps users identify which certificates require revocation, allowing them to quickly communicate with the issuing CA and shortening the process for revoking a certificate.

Better Insight

CT gives public insight into the SSL/TLS system, giving anyone the ability to observe and verify the system’s health and integrity. Users can also see differences in issuance processes between CAs.

Stronger Security

By providing transparency into the certificate issuance process and informing users about issued certificates, CT strengthens the chain of trust and makes online browsing safer for all everyone.

DigiCert & Certificate Transparency

DigiCert supports CT. Earlier detection of misissued certificates is important for server operators and users. As such, CT is a significant improvement for the industry and highlights CAs using good certificate issuance practices. We will always follow the highest standards for verifying identities and issuing high-assurance digital certificates.