Feb 28, 2018 Tim Callan Alerts & Notices

What is Certificate Transparency?

Certificate Transparency (CT) is an open standard that allows the public to monitor the certificates issued by participating CAs.  How it works in a nutshell is that to be CT-compliant a CA must add new certificates to a publicly available log that anyone can access to see the certificates this Certificate Authority is issuing.

It's the old idea about light being the best disinfectant.  By making these logs public, companies will have the opportunity to monitor their own domain names for certificates issued against them unexpectedly.  Such a certificate might represent unauthorized use within the company, criminal activity, or even CA error.  Once a company discovers such a cert it can take action to revoke it, replace it with an authorized cert, or bring it under management according to its official policies.

Furthermore, any public watchdog group or individual can review CT logs for suspicious activity that could represent erroneous or criminal certificates.

The Chrome team at Google has announced that as of April 2018 all public CAs will need to support Certificate Transparency or they will be distrusted in Chrome.  Google has been socializing this requirement to the appropriate technology communities for a long time, so this announcement is no surprise.

So what do you have to do?

You don't have to do anything.  Every certificate sold by GeoCerts is from a provider that fully supports Certificate Transparency, and all of your certificates provided by GeoCerts will work as-is, regardless of authentication level or brand.  If you have other certificates that you fear will not be trusted after the April deadline, we will gladly help you replace them with a certificate that is known and trusted from a proven CA.