What is Certificate Transparency?
A public logging system for TLS certificates that allows domain owners to detect unauthorized certificates issued for their domains.
Certificate Transparency (CT) is a defense against rogue or compromised Certificate Authorities.
How It Works
- CAs must log every certificate they issue in publicly auditable CT logs
- Domain owners can monitor logs for unauthorized certificates
- Browsers can reject certificates not found in CT logs
Why It Matters
- A compromised CA could issue fake certificates for any website
- CT makes unauthorized certificate issuance detectable
- Major browsers (Chrome, Safari) require CT for all new certificates
Monitoring
- crt.sh: Search CT logs for any domain
- Facebook's CT monitoring tool
- Various automated monitoring services
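As an added example (not part of the original page or of any tool listed above), the sketch below shows the domain-owner monitoring step: it scans CT log records for names under a domain and reports certificates from issuers outside an allow-list. The records are constructed, their field names assume the shape of crt.sh's JSON output, and the allow-list and issuer names are hypothetical.

```python
import re

# Constructed sample records; field names assume the shape of crt.sh's JSON output.
UNKNOWN_DN = "C=XX, O=Unknown CA Ltd, CN=Unknown Issuing CA"  # hypothetical issuer
SAMPLE_RECORDS = [
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "serial_number": "03aa",
     "name_value": "example.com\nwww.example.com"},
    {"issuer_name": UNKNOWN_DN, "serial_number": "7f01", "name_value": "login.example.com"},
    # Same serial again: a precertificate and its final certificate are both logged.
    {"issuer_name": UNKNOWN_DN, "serial_number": "7f01", "name_value": "login.example.com"},
    # Lookalike domain: shares a suffix with example.com but is not under it.
    {"issuer_name": UNKNOWN_DN, "serial_number": "7f02", "name_value": "notexample.com"},
    {"issuer_name": UNKNOWN_DN, "serial_number": "7f03", "name_value": "*.Example.com"},
]

# Hypothetical allow-list: the CA organizations this domain owner actually uses.
ALLOWED_ISSUER_ORGS = {"Let's Encrypt"}

def issuer_org(issuer_dn):
    """Return the O= value of an issuer DN string, or the whole DN if it has none."""
    match = re.search(r"(?:^|,\s*)O=([^,]+)", issuer_dn)
    return match.group(1).strip() if match else issuer_dn

def covers(name, domain):
    """True if a logged name is the domain, a subdomain of it, or a wildcard under it."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)

def unexpected_certificates(records, domain, allowed_orgs):
    """Return (issuer org, serial, names) for certificates from issuers not allow-listed."""
    findings = {}
    for rec in records:
        names = {n.strip().lower() for n in rec["name_value"].splitlines()
                 if covers(n, domain)}
        org = issuer_org(rec["issuer_name"])
        if names and org not in allowed_orgs:
            # Keying on (issuer, serial) collapses precertificate/certificate pairs.
            findings.setdefault((org, rec["serial_number"]), set()).update(names)
    return [(org, serial, sorted(ns)) for (org, serial), ns in sorted(findings.items())]

if __name__ == "__main__":
    for org, serial, names in unexpected_certificates(
            SAMPLE_RECORDS, "example.com", ALLOWED_ISSUER_ORGS):
        print(f"unexpected issuer {org!r}, serial {serial}: {', '.join(names)}")
```

A finding here means only that the issuer is not on the owner's list; the owner still has to confirm whether the certificate was requested by someone inside the organization.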
Related Terms
Certificate Authority
An organization trusted to issue digital certificates that verify the identity of websites, enabling HTTPS encrypted connections.
Certificate Pinning
A security technique where an application only accepts specific TLS certificates for a given server, preventing man-in-the-middle attacks using forged certificates.
TLS
Transport Layer Security is a cryptographic protocol designed to provide secure communication over a computer network. TLS encrypts the connection between your browser and web servers, ensuring privacy and data integrity. It's the technology behind HTTPS.