In April 2018, Google's Chrome browser will begin requiring that all publicly-trusted server certificates issued by CAs such as Comodo CA are logged in public Certificate Transparency (CT) logs. This will include all Organization Validated (OV) and Domain Validated (DV) certificates, in addition to EV (Extended Validation) certificates which have been included in CT logs since January 2015.
No action is required by any of Comodo CA's customers or partners, and all issued certificates will simply continue to be trusted everywhere. Enterprises should note that certificates from Private CAs are not part of this requirement and will not be logged.
Comodo CA stands ready to meet this requirement, and will automatically generate the required Signed Certificate Timestamps and add them to issued certificates so that Google Chrome and other browsers in future, can be sure the certificates were issued correctly.
What is Certificate Transparency?
Certificate Transparency is a system of public 'logs' which are used to maintain an append-only list of all publicly-issued certificates. These logs can be used to detect any incorrectly-issued certificates, as well as allow users to monitor certificate issuance for their own properties that they may not know about or not have authorized.
Browsers can use data within the certificates that 'prove' the certificates were logged, and ensure they come across as trusted.
Comodo CA is committed to supporting the Certificate Transparency ecosystem by not only logging customers certificates, but by operating qualified log servers themselves and offering free tools to search and analyze the logs: https://crt.sh/.
The Comodo CA R&D department has taken the lead in this regard, having contributed significantly to the development of the CT protocol, having proposed the two mechanisms by which CAs can help customers achieve CT compliance - embedding SCTs in certs and in stapled OCSP responses. Additionally, Comodo CA R&D co-authored the CTv2 protocol at the IETF, and invented the domain label redaction mechanism.
If you have any further questions about Comodo CA certificates or Certificate Transparency, please contact our Support team at [email protected].