As the internet continues to sprawl, more and more SSL/TLS certificates are needed to keep data secure. With so many to manage, improperly or maliciously issued certificates can easily slip through the cracks, threatening the stability and security of the entire SSL/TLS ecosystem.
That's why as of October 1, 2017, all public certificates issued will be required to support Certificate Transparency. Learn more about Certificate Transparency and how DigiCert can help you get the most out of this emerging industry standard with our helpful infographic breakdown.
WHO LOGS CERTIFICATES
Certificate Authority (CA)
Authenticates and verifies identity; issues certificate
CAs log SSL/TLS certificates as part of issuance process
Third parties seek out, find, and log certificates to promote system transparency
Public Certificate Transparency Log Server
WHO ACCESSES THE LOGS
Business or Domain Owners / IT
Web Browsers & Data Aggregators
Security Professionals and Applications
Key stakeholders and interested parties can easily monitor the logs to quickly identify and mitigate maliciously issued or mis-issued certificates.
You can also check for Certificate Transparency in the certificate details. If you are using certificates issued before October 1, 2017, you may need to upgrade, replace or reissue your certificate. If your website is not CT-compliant with logged certificates, users may see warnings in Google Chrome.
If you want to hide the details of your private website, choose 'Root domain names only' when enrolling new certificates. This is covered by the latest version of the Internet Engineering Task Force (IETF) standards but may not be respected by all browsers or Certificate Transparency logs.
CT is standard in all our SSL/TLS certificates. It works like this: Certificate Authorities, such as Symantec, log new certificates in publicly accessible, tamper-proof registries. Browsers can use these logs to verify certificates, and IT managers can also use them to spot problems, including improperly issued, out-of-policy and rogue certificates.