Certificate Transparency
A public logging system that monitors certificate issuance
Certificate Transparency (CT) is an open framework designed to monitor and audit SSL certificate issuance in real-time. CT addresses the problem of rogue or mis-issued certificates by requiring Certificate Authorities to log all certificates they issue to publicly auditable, append-only logs. These logs are cryptographically secured and distributed across multiple operators worldwide.
When a CA issues a certificate, they must submit it to CT logs and include Signed Certificate Timestamps (SCTs) in the certificate or during the TLS handshake. Browsers can verify these SCTs to ensure the certificate was properly logged. CT logs allow domain owners to monitor for unauthorized certificates issued for their domains, enabling rapid detection of potential security threats.
Major browsers now require CT compliance for certain types of certificates, and non-compliant certificates may generate warnings or be rejected. CT has successfully detected numerous cases of unauthorized certificate issuance and has become an essential component of the web PKI ecosystem. Organizations can monitor CT logs for their domains using automated tools to detect suspicious certificate activity.
Where You'll See This Term
This term commonly appears in:
- SSL certificate details pages
- Certificate Authority validation processes
- SSL configuration documentation
- Security audit reports
- Certificate management interfaces