Solution
Beginning in February 2015, the Chrome browser will require public logging of
Extended Validation (EV) SSL certificates in Certificate Transparency
(CT).
Certificate Transparency is an initiative created by Google to log, audit and monitor all public
SSL Certificates. CT makes it possible to detect SSL certificates that
have been mistakenly issued or maliciously acquired. For more
information, see
http://www.certificate-transparency.org/
EV certificates issued after January 1, 2015 that are not logged in CT
will not receive the enhanced “green bar” in Chrome that shows the
validated company information.
Certificate Transparency Requirements for Extended Validation SSL
Initially, Google’s CT requirements only apply to Extended Validation SSL. Domain
Validated (DV) and Organisation Validated (OV) SSL are not currently
logged, although Google may expand the CT requirements at a later date.
QuoVadis and other CAs will submit “whitelists” of existing EV SSL before
January 1 to ensure their continuing EV treatment in Chrome. Chrome is
the only browser requiring CT logging.
EV certificates issued after January 1 must provide proofs from a CT log
server or they will not show the “green bar” in Chrome. A one-year EV
certificate requires two proofs, while a two-year EV certificate
requires at least three proofs.
Google itself is operating several CT logs for use by CAs. In addition, QuoVadis is
participating in one of the first independent CT logs, ensuring that
QuoVadis certificates are logged on diverse CT platforms.
QuoVadis CT-ready by Default
If you have an existing QuoVadis EV SSL, you do not need to take any
action. Your certificate will be whitelisted in CT and will continue to
show the “green bar” in Chrome.
With the launch of QuoVadis Trust/Link Enterprise v3, by default all new
QuoVadis EV SSL will include the required number of CT proofs embedded
in the certificate.
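
A check for the embedded proofs and the counts given above, as an added example that is not QuoVadis or Chrome code: it parses the RFC 6962 list of Signed Certificate Timestamps (the CT proofs) as carried in the certificate extension and compares the number of logs with the article's figures. The function names, the 12-month cut-off and the sample bytes are assumptions of the example, and log signatures are not verified.

```python
import struct
from datetime import datetime, timezone

def parse_sct_list(data: bytes) -> list:
    """Parse a TLS-encoded SignedCertificateTimestampList (RFC 6962)."""
    if len(data) < 2 or struct.unpack_from(">H", data)[0] != len(data) - 2:
        raise ValueError("SCT list length does not match buffer")
    scts, pos = [], 2
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated SCT length")
        (n,) = struct.unpack_from(">H", data, pos)
        sct = data[pos + 2 : pos + 2 + n]
        # version(1) log_id(32) timestamp(8) ext_len(2) hash(1) sig(1) sig_len(2)
        if len(sct) != n or n < 47:
            raise ValueError("truncated SCT")
        ts_ms, ext_len = struct.unpack_from(">QH", sct, 33)
        off = 43 + ext_len
        if off + 4 > n:
            raise ValueError("bad extensions length")
        sig_len = struct.unpack_from(">H", sct, off + 2)[0]
        if off + 4 + sig_len != n:
            raise ValueError("bad signature length")
        scts.append({"version": sct[0], "log_id": sct[1:33],
                     "timestamp": datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc)})
        pos += 2 + n
    return scts

def required_proofs(validity_months: int) -> int:
    # Article's figures: one-year EV needs 2 proofs, two-year EV at least 3.
    # Treating anything up to 12 months as "one year" is this example's assumption.
    return 2 if validity_months <= 12 else 3

def check_ev_ct(sct_list: bytes, validity_months: int) -> tuple:
    # Assumption: several proofs from the same log are counted once.
    logs = {s["log_id"] for s in parse_sct_list(sct_list) if s["version"] == 0}
    need = required_proofs(validity_months)
    return len(logs) >= need, len(logs), need

def _make_sct(log_byte: int, ts_ms: int) -> bytes:
    # Constructed sample: v1, fake log id, no extensions, dummy 8-byte signature.
    body = (b"\x00" + bytes([log_byte]) * 32 + struct.pack(">QH", ts_ms, 0)
            + b"\x04\x03" + struct.pack(">H", 8) + b"\x00" * 8)
    return struct.pack(">H", len(body)) + body

_payload = _make_sct(0xA1, 1420070400000) + _make_sct(0xB2, 1420070400000)
SAMPLE_LIST = struct.pack(">H", len(_payload)) + _payload

if __name__ == "__main__":
    print(check_ev_ct(SAMPLE_LIST, 12), check_ev_ct(SAMPLE_LIST, 24))
```
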
As the internet-wide implementation of CT continues, QuoVadis intends to
expand support in Trust/Link to allow customers to select, by policy,
how their certificates are logged in CT. Options may include the
current embedded proof as well as delivery of proofs via OCSP stapling
or TLS extensions.