Certificate Transparency (CT)

Certificate Transparency (CT) is an Internet security standard and open-source framework for monitoring and auditing digital certificates. It creates a system of public logs that aim to record all certificates issued by publicly trusted certificate authorities. As a result, mistakenly or maliciously issued certificates can be identified more efficiently.

With it, anyone can see which certificate authorities issued certificates for which domains. To succeed, it relies on support from many different parties, such as certificate authorities, browsers, brand owners, and companies running public certificate transparency logs.

What Is Certificate Transparency Used For?

Certificate transparency helps immensely when a certificate authority issues a certificate to the wrong party, or when a certificate is issued maliciously without the consent of a certificate authority.

For example, a certificate authority might issue a certificate to an incorrect domain. In this situation, the legitimate owner of the domain would then not have a valid certificate. Another example would be where a hacker issues a certificate on behalf of a certificate authority by bypassing its validation procedure. This means the hacker could issue certificates to scam websites, which would place the users of those websites at risk.

In both these cases, certificate transparency would have solved the problem because anyone could see from the logs that, in the first case, the certificate was issued incorrectly, and, in the second case, that a certificate was issued by or to a malicious party.

To effectively do this, certificate transparency has four components:

  • The certificate authority which issues certificates.

  • A certificate log that will maintain a record of all SSL certificates issued.

  • A certificate monitor that watches the certificate logs for suspicious activity. Every company may act as its own log monitor, although it may delegate this function to a third party.

  • A certificate auditor that checks the logs to verify that the log is consistent with other logs, that new entries have been added, and that the log is not corrupted.

Why is Certificate Transparency Important?

Certificate transparency is vital to ensure stronger Internet security because it provides full transparency into the certificate issuance process and gives Internet users more insight into the SSL/TLS system. It also helps detect unauthorized certificates far more quickly, so domain owners can identify any certificates issued without their express approval. Because of this, they can act more quickly to revoke a certificate and mitigate the effects of the incorrect issuance.
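The monitor role described above, sketched as an added example that is not part of the original page: a domain owner compares log entries naming its domain against the issuers it uses and the certificates it requested. The entry layout, issuer names, serials and the helper names (normalize, covers, review) are all constructed for illustration.

```python
# Added example: constructed data and hypothetical names throughout.
APPROVED_ISSUERS = {"Example Trust CA"}   # CAs the owner actually uses (assumed)
KNOWN_SERIALS = {"0A:01", "0A:02"}        # certificates the owner requested (assumed inventory)

# Constructed entries shaped like decoded certificate log records.
LOG_ENTRIES = [
    {"serial": "0A:01", "issuer": "Example Trust CA", "names": ["example.com", "www.example.com"]},
    {"serial": "0A:02", "issuer": "Example Trust CA", "names": ["*.example.com"]},
    {"serial": "7F:10", "issuer": "Other Root CA", "names": ["login.example.com"]},
    {"serial": "0A:99", "issuer": "Example Trust CA", "names": ["Shop.Example.COM."]},
    {"serial": "3C:44", "issuer": "Other Root CA", "names": ["notexample.com"]},
]

def normalize(name):
    """Lower-case, drop a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def covers(name, watched):
    """True if the certificate name is the watched domain or a subdomain of it."""
    name, watched = normalize(name), normalize(watched)
    # Matching on ".watched" keeps look-alike suffixes such as notexample.com out.
    return name == watched or name.endswith("." + watched)

def review(entries, watched):
    """Return (serial, reason) for entries naming the watched domain that the owner cannot account for."""
    findings = []
    for entry in entries:
        if not any(covers(n, watched) for n in entry["names"]):
            continue  # certificate does not name our domain
        if entry["issuer"] not in APPROVED_ISSUERS:
            findings.append((entry["serial"], "unapproved issuer: " + entry["issuer"]))
        elif entry["serial"] not in KNOWN_SERIALS:
            findings.append((entry["serial"], "approved issuer, but not in certificate inventory"))
    return findings

if __name__ == "__main__":
    for serial, reason in review(LOG_ENTRIES, "example.com"):
        print(serial, "-", reason)
```

Each finding is a candidate for the revocation step described above; a certificate from an approved issuer that is missing from the inventory is flagged as well, since it was still issued without the owner's approval.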

