Certificate Transparency

What is Certificate Transparency

Google’s Certificate Transparency (CT) project is a move to increase the safety of the SSL certificate system. It provides a means for the public logging of SSL certificates to help ensure that a certificate with something wrong with it is spotted as early as possible so that any damage it might do is minimized and so that remedial action can be taken to prevent the problem or error occurring again.

Thanks to modern cryptography, browsers can usually detect malicious websites that are provisioned with forged or fake SSL certificates. However, current cryptographic mechanisms aren’t so good at detecting malicious websites if they’re provisioned with mistakenly issued certificates or certificates that have been issued by a certificate authority (CA) that’s been compromised or gone rogue. In these cases, browsers see nothing wrong with the certificates because the CA appears to be in good standing, giving users the impression that the website they’re visiting is authentic and their connection is secure.

Usage

Certificate Transparency aims to remedy the certificate-based threats by making the issuance and existence of SSL certificates open to scrutiny by domain owners, CAs, and domain users. Specifically, Certificate Transparency has three main goals:

  • Make it impossible (or at least very difficult) for a CA to issue an SSL certificate for a domain without the certificate being visible to the owner of that domain.
  • Provide an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued.
  • Protect users (as much as possible) from being duped by certificates that were mistakenly or maliciously issued.

Certificate Transparency satisfies these goals by creating an open framework for monitoring the TLS/SSL certificate system and auditing specific TLS/SSL certificates.

This open framework consists of three main components:

  • Certificate Logs
  • Monitors
  • Auditors

ClouDNS and Certificate Transparency

Certificate Transparency is supported for all certificates issued by Sectigo. You can use the online tool by Sectigo located at this URL in order to check your SSL certificates.


Last modified: 2020-03-12