DigiCert to Begin Logging SSL Certificates on February 1
Certificate Transparency is mandatory as of April 2018
As of February 1, 2018, DigiCert will submit all newly issued SSL certificates to Certificate Transparency (CT) logs by default.
Clint Wilson, DigiCert’s Technical Product Manager, detailed the decision in a blog post:
In the interest of improving our customers’ security and encouraging adoption, we are making this change ahead of Google’s industry-wide requirement that goes into effect in April 2018. CT logging has only been required for EV certificates since 2015.
This change will happen automatically on February 1st. Your publicly trusted DigiCert SSL Certificates issued on or after that date will include pieces of data called “SCTs”—Signed Certificate Timestamps. These are embedded directly into the certificate and tell client software, like web browsers, that the certificate has been logged. When Google Chrome begins enforcing CT compliance in April, your certificates will already be compatible. You don’t need to do anything unless you don’t want your certificates logged.
This move will only affect DigiCert certificates. The Symantec brands (Symantec, RapidSSL, GeoTrust & Thawte), which DigiCert acquired last fall, are already required to log all new certificates as part of an agreement with Google.
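The SCTs described in the quoted post travel inside the certificate as a length-prefixed binary list (RFC 6962). The following decoder is an added example, not DigiCert's code or part of the original post; it shows what a client reads out of that list before deciding whether the certificate has been logged. It assumes the input is the raw list already unwrapped from the certificate extension, uses a constructed sample with a placeholder log ID and signature, and does not verify the log's signature.

```python
import struct
from datetime import datetime, timezone

def parse_sct(sct):
    """Decode one v1 SCT (RFC 6962, section 3.2) into a dict."""
    if len(sct) < 47:  # 43-byte fixed header + 4 bytes of signature header
        raise ValueError("SCT too short")
    version, log_id, ts_ms, ext_len = struct.unpack_from(">B32sQH", sct, 0)
    if version != 0:
        raise ValueError("unsupported SCT version %d" % version)
    off = 43 + ext_len  # skip CtExtensions
    if off + 4 > len(sct):
        raise ValueError("SCT extensions overrun")
    hash_alg, sig_alg, sig_len = struct.unpack_from(">BBH", sct, off)
    if off + 4 + sig_len != len(sct):
        raise ValueError("signature length does not match SCT length")
    return {
        "log_id": log_id.hex(),
        "timestamp": datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc),
        "hash_alg": hash_alg,
        "sig_alg": sig_alg,
        "signature": sct[off + 4:],
    }

def parse_sct_list(data):
    """Decode an SCT list: uint16 total length, then uint16-prefixed SCTs."""
    if len(data) < 2 or struct.unpack_from(">H", data)[0] != len(data) - 2:
        raise ValueError("SCT list length does not match payload")
    scts, pos = [], 2
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated SCT length prefix")
        (sct_len,) = struct.unpack_from(">H", data, pos)
        sct = data[pos + 2:pos + 2 + sct_len]
        if len(sct) != sct_len:
            raise ValueError("truncated SCT")
        scts.append(parse_sct(sct))
        pos += 2 + sct_len
    return scts

# Constructed sample: placeholder log ID and signature, timestamp 2018-02-01 UTC.
SAMPLE_SCT = (b"\x00" + bytes(range(32)) + struct.pack(">Q", 1517443200000)
              + b"\x00\x00" + b"\x04\x03" + struct.pack(">H", 4) + b"\xde\xad\xbe\xef")
SAMPLE_LIST = struct.pack(">HH", len(SAMPLE_SCT) + 2, len(SAMPLE_SCT)) + SAMPLE_SCT

if __name__ == "__main__":
    for sct in parse_sct_list(SAMPLE_LIST):
        print(sct["log_id"], sct["timestamp"].isoformat())
```

Each decoded `log_id` identifies the log that issued the timestamp, which is what a monitor would match against the set of logs it trusts.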
What is Certificate Transparency?
If you’re looking for a detailed explanation of Certificate Transparency, Vince (who ironically now works for DigiCert) wrote an excellent article about it last year.
But if you’re only looking for the abridged version, Certificate Transparency is a logging mechanism that strengthens PKI by adding a layer of transparency and making mis-issuance easier to spot. The idea is this: starting in March 2018, every Certificate Authority will be required to log every publicly trusted SSL certificate it issues. The certificates will be recorded in public databases (logs) where they can easily be searched and monitored.
This allows website owners to see a comprehensive list of certificates issued for their domain, which in turn provides better oversight of the activities of CAs.
What Happens if my Certificate isn’t Logged?
Starting in April 2018, all newly-issued certificates will be required to be logged. If your certificate was issued before April 2018, there will be no penalty. However, if your certificate is issued after the deadline and doesn’t appear in CT logs, it will be treated the same as a self-signed or expired certificate. That is, it will receive browser warnings.