Certificate Transparency logging now mandatory

Profile image of Mattias Geniar

Mattias Geniar, April 30, 2018

Follow me on Twitter as @mattiasgeniar

All certificates are now required to be logged in publicly available logs (aka “Certificate Transparency”).

Since January 2015, Chrome has required that Extended Validation (EV) certificates be CT-compliant in order to receive EV status.

In April 2018, this requirement will be extended to all newly-issued publicly-trusted certificates – DV, OV, and EV – and certificates failing to comply with this policy will not be recognized as trusted when evaluated by Chrome.

Source: Certificate Transparency Enforcement in Google Chrome – Google Groups

In other words: if Chrome encounters a certificate, issued after April 2018, that isn’t signed by a Certificate Transparency log, the certificate will be marked as insecure.

Don’t want to have this happen to you out of the blue? Monitor your sites and their certificate health via Oh Dear!.