Relevant Items

Moving Forward with Certificate Transparency | BLOG

As we move in 2015, you will start to see Certificate Transparency deployed on EV SSL certificates. Google has required that as of January 2015, all EV SSL certificates be publicly logged to retain their EV status. All current EV SSL certificates will be white listed for the Chrome browser. Google Chrome will be the only browser supporting Certificate Transparency. If your certificate has been logged you will see that the identity is “publicly auditable” and “transparency information” will be provided. cert_transparency 2 When you select “transparency information”, you will see time-stamps from each log. cert_transparency 3 Most certification authorities (CAs) will not support certificate transparency for non-EV certificates, so you will still see legitimate SSL certificates where Chrome will state “does not have public records.” If certificate transparency is successful, it will likely be extended to all SSL certificates. With certificate transparency, the logs can be monitored which will indicate all EV SSL certificates which have been issued for a given domain. This will allow unauthorized certificates to addressed and revoked. Update July 24 2015: With the release of Chrome 44, if the certificate is not logged, then Chrome states "No Certificate Transparency information was supplied by the server."