Google’s Certificate Transparency (CT) project is a move to increase the safety of the SSL certificate system. It provides a means for the public logging of SSL certificates to help ensure that a certificate with something wrong with it is spotted as early as possible so that any damage it might do is minimized and so that remedial action can be taken to prevent the problem or error occurring again.
Thanks to modern cryptography, browsers can usually detect malicious websites that are provisioned with forged or fake SSL certificates. However, current cryptographic mechanisms aren’t so good at detecting malicious websites if they’re provisioned with mistakenly issued certificates or certificates that have been issued by a certificate authority (CA) that’s been compromised or gone rogue. In these cases, browsers see nothing wrong with the certificates because the CA appears to be in good standing, giving users the impression that the website they’re visiting is authentic and their connection is secure.
Certificate Transparency aims to remedy the certificate-based threats by making the issuance and existence of SSL certificates open to scrutiny by domain owners, CAs, and domain users. Specifically, Certificate Transparency has three main goals:
This open framework consists of three main components:
Certificate Transparancy is supported for all certificates, issued by Sectigo. You can use the online tool by Sectigo located at this URL in order to check your SSL certificates.