As we move in 2015, you will start to see Certificate Transparency deployed on EV SSL certificates. Google has required that as of January 2015, all EV SSL certificates be publicly logged to retain their EV status. All current EV SSL certificates will be white listed for the Chrome browser. Google Chrome will be the only browser supporting Certificate Transparency. If your certificate has been logged you will see that the identity is “publicly auditable” and “transparency information” will be provided. cert_transparency 2 When you select “transparency information”, you will see time-stamps from each log. cert_transparency 3 Most certification authorities (CAs) will not support certificate transparency for non-EV certificates, so you will still see legitimate SSL certificates where Chrome will state “does not have public records.” If certificate transparency is successful, it will likely be extended to all SSL certificates. With certificate transparency, the logs can be monitored which will indicate all EV SSL certificates which have been issued for a given domain. This will allow unauthorized certificates to addressed and revoked. Update July 24 2015: With the release of Chrome 44, if the certificate is not logged, then Chrome states "No Certificate Transparency information was supplied by the server."

Bruce Morton

Bruce Morton

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.