{"id":5770,"date":"2018-01-26T15:04:14","date_gmt":"2018-01-26T20:04:14","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=5770"},"modified":"2018-01-29T05:17:19","modified_gmt":"2018-01-29T10:17:19","slug":"digicert-begin-logging-ssl-certificates-february-1","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/digicert-begin-logging-ssl-certificates-february-1\/","title":{"rendered":"DigiCert to Begin Logging SSL Certificates on February 1"},"content":{"rendered":"<h2>Certificate Transparency is mandatory as of April 2018<\/h2>\n<p>As of February 1, 2018, DigiCert will submit all newly issued SSL certificates to Certificate Transparency (CT) logs as a default.<span id=\"newline\"><\/span><\/p>\n<p>Clint Wilson, DigiCert\u2019s Technical Product Manager, <a href=\"https:\/\/www.digicert.com\/blog\/digicert-certificates-will-be-publicly-logged-feb-1\/?mkt_tok=eyJpIjoiTVdVME0yWXhNVEF6TURneCIsInQiOiJrSlR1YytZMmhnVnZrWWE4ZEh3MmJISm9oTE8xMnlGQXcwV05HRHU2SEdkazloa1JpbVNsYWlGeUFVQVVhUDVnRTk1TzdJczRWaG9cL25kWVpObzdVdkl6\" rel=\"nofollow\">detailed the decision in a blog post<\/a>:<\/p>\n<blockquote><p>In the interest of improving our customer\u2019s security and encouraging adoption, we are making this change ahead of Google\u2019s industry-wide requirement that goes into effect in\u00a0April 2018. CT logging has only been required for EV certificates since 2015.<\/p>\n<p>This change will happen automatically on February 1<sup>st<\/sup>. Your publicly trusted DigiCert SSL Certificates issued on or after that date will include pieces of data called \u201cSCTs\u201d\u2014Signed Certificate Timestamps. These are embedded directly into the certificate and tell client software, like web browsers, that the certificate has been logged. When Google Chrome begins enforcing CT compliance in April, your certificates will already be compatible. You don\u2019t need to do anything unless you don\u2019t want your certificates logged.<\/p><\/blockquote>\n<p>This move will only affect DigiCert certificates. The Symantec brand (Symantec, RapidSSL, GeoTrust &amp; Thawte), which DigiCert acquired last Fall, is already required to log all new certificates as part of an agreement with Google.<\/p>\n<h2>What is Certificate Transparency?<\/h2>\n<p>If you\u2019re looking for a detailed explanation of Certificate Transparency, Vince (who ironically now works for DigiCert) <a href=\"https:\/\/www.thesslstore.com\/blog\/certificate-transparency\/\">wrote an excellent article about it last year<\/a>.<\/p>\n<p>But, if you\u2019re only looking for the abridged version, Certificate Transparency is a logging mechanism that helps strengthen PKI by adding a layer of transparency and helping to better spot mis-issuance. The idea is this, <a href=\"https:\/\/www.thesslstore.com\/blog\/certificate-transparency-requirement\/\">starting in March 2018<\/a> every Certificate Authority will be required to log every publicly-trusted SSL certificate that\u2019s issued. The certificates will be recorded in public databases (logs) where certificates can easily be searched and monitored.<\/p>\n<p>This, in turn, allows website owners to see a comprehensive list of certificates issued for their domain, which in turn provides better oversight over the activities of CAs.<\/p>\n<h2>What Happens if my Certificate isn\u2019t Logged?<\/h2>\n<p>Starting in April 2018, all newly-issued certificates will be required to be logged. If your certificate was issued before April 2018, there will be no penalty. However, if your certificate is issued after the deadline and doesn\u2019t appear in CT logs, it will be treated the same as a self-signed or expired certificate. That is, it will receive browser warnings.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Certificate Transparency is mandatory as of April 2018 As of February 1, 2018, DigiCert will submit all newly issued SSL certificates to Certificate Transparency (CT) logs as a default. Clint&#8230;<\/p>\n","protected":false},"author":6,"featured_media":5771,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[130],"tags":[187,3628,179],"class_list":["post-5770","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-everything-encryption","tag-certificate-transparency","tag-digicert","tag-ssl-certificates","post-with-tags"],"views":10268,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/01\/digicert-ssl.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/5770","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=5770"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/5770\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/5771"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=5770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=5770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=5770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}