Public Trust & Certificates

What are CT Logs?

CT logs are a publicly auditable record of TLS/SSL certificate issuance by each Certificate Authority. DigiCert was the first CA to build a CT log that was accepted by Google in 2013.


What is CT Log Monitoring?

Certificate Transparency (CT) log monitoring is the process of tracking all publicly issued certificates for an organization’s domain(s) to ensure that they are authentic and legitimate and have not been compromised by malicious actors. CT log monitoring allows organizations to be informed of any attempts to spoof their website by bad actors. In addition, CT logs keep Certificate Authorities, or CAs, accountable for the certificates they issue. DigiCert was the first CA to publish CT logs.
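The matching step behind this kind of monitoring, as an added example (not DigiCert's code or API): certificates seen in CT logs are compared against the domains an organization watches, and any certificate the organization does not already know about is flagged. The record fields, fingerprints, issuer names, inventory and approved-issuer list are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LoggedCert:
    """Minimal view of one certificate seen in a CT log (constructed fields)."""
    fingerprint: str   # placeholder identifier, not a real hash
    issuer: str
    dns_names: tuple

def covers(name, domain):
    """True if a certificate DNS name is the monitored domain, a subdomain
    of it, or a wildcard under it. Lookalikes such as 'notexample.com' or
    'example.com.example.net' must not match."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)

def review(entries, monitored, inventory, approved_issuers):
    """Return (fingerprint, reason, matching names) for every logged
    certificate that names a monitored domain but is not already known."""
    findings = []
    for cert in entries:
        hits = sorted({n for n in cert.dns_names
                       for d in monitored if covers(n, d)})
        if not hits or cert.fingerprint in inventory:
            continue  # unrelated certificate, or one we issued ourselves
        if cert.issuer not in approved_issuers:
            reason = "unapproved issuer"
        else:
            reason = "not in inventory"
        findings.append((cert.fingerprint, reason, hits))
    return findings

# Constructed sample data (assumed values, not real log entries).
MONITORED = {"example.com"}
INVENTORY = {"FP-0001"}
APPROVED = {"Constructed CA One"}
ENTRIES = [
    LoggedCert("FP-0001", "Constructed CA One", ("www.example.com",)),
    LoggedCert("FP-0002", "Constructed CA Two", ("*.example.com", "example.com")),
    LoggedCert("FP-0003", "Constructed CA One", ("vpn.example.com",)),
    LoggedCert("FP-0004", "Constructed CA Two",
               ("notexample.com", "example.com.example.net")),
]

if __name__ == "__main__":
    for finding in review(ENTRIES, MONITORED, INVENTORY, APPROVED):
        print(finding)
```

A certificate from an approved issuer that is missing from the inventory is still reported, since it may have been requested outside the organization's normal process.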

Related articles: 

https://docs.digicert.com/manage-certificates/logging-public-ssl-tls-certificates-to-public-ct/

https://docs.digicert.com/certificate-tools/ct-log-monitoring-service/ 

https://dev.digicert.com/services-api/ct-log-monitoring-api/


What are the browsers’ Certificate Transparency (CT) policies?

Browser Certificate Transparency (CT) policies include:

  • Apple Safari: As of October 15, 2018, Apple required CAs to log all SSL/TLS certificates (EV, OV, and DV).
  • Google Chrome: As of April 2018, Google required CAs to log all SSL/TLS certificates (EV, OV, and DV).
  • Firefox: Not implemented.

Related article:

https://www.digicert.com/faq/certificate-transparency/overview.htm


Why are CT Logs important?

Certificate Transparency (CT) Logs are important because they allow website owners to track all publicly issued certificates for their domain(s) and protect against malicious actors gaining control of the domain. CT logs strengthen the TLS/SSL certificate ecosystem by creating publicly auditable records of certificate issuance. Since 2015, Google has required CAs to log Extended Validation (EV) certificates to public CT logs. In April 2018, Google began requiring CAs to also log Organization Validated (OV) and Domain Validated (DV) certificates to public CT logs.


How do CT Logs increase public trust?

CT logs increase public trust because they account for all public certificates issued by specific Certificate Authorities. In other words, CT logs strengthen the TLS/SSL certificate ecosystem by creating publicly auditable records of certificate issuance.