In 2015, Google discovered that the root CAs had issued thousands of certificates without permission, which could be used to intercept or disrupt secure communications between Google products and users. Since then, such incidents have occurred frequently[1]. Therefore, when the CA organization issues SSL certificates that should not be issued due to improper operation or other reasons, who can supervise and detect these certificates? In response to these problems, the necessity of certificate transparency arose.

Recently, NicSRS has released a CT (Certificate Transparency) log query tool on its official website, which allows you to query certificate information directly without logging in or installing anything. This act makes NicSRS one of the few companies that offer such an easy-to-use tool. So to have a deeper understanding of what this tool does, it’d be helpful to have an idea about what CT is.

What Is Certificate Transparency?

Certificate Transparency is an open framework for recording, monitoring and auditing all digital certificates issued by CAs to ensure Internet security. Based on this, this system can identify false or malicious certificates. Potentially malicious certificates can be detected or revoked more quickly. This way, digital certificates are more open to public scrutiny and supervision.

Before CT, there wasn't an efficient way to get a complete list of certificates issued to domain names. Therefore, CT provides additional security guarantees for TLS/SSL certificates, enabling customers to trust CAs and allowing individuals or businesses to query their SSL certificates through CT Log anytime and anywhere, thereby further ensuring the validity of the certificates.

What Is the Certificate Transparency Log?

The CT log is a publicly available audit record that records each CA’s TLS/SSL certificates issued out. It enables users to check all SSL/TLS certificates issued to their domain, along with a list of certificate details, including common name, subjective alternative name, validity period, certificate issuer, etc.

The CT log greatly enhances the ability of individuals or enterprises to monitor and research certificate issuance, significantly improving the CA environment as well as network security.

What Are the Benefits of Certificate Transparency Log?

* Query the details of the certificate. In the CT log, you can view the issuer of the domain name certificate, the subdomain name, all certificates used before, and other important information. In addition, with the CT log, the validity period of the certificate can be queried. It can identify which certificates are about to expire or need to be revoked in time to avoid unnecessary damage to individuals or enterprises.

* Early monitoring. The CT log can help you query unauthorized certificates within minutes.

* Enhanced certificate security. The certificate records saved in the CT Log can only be added, not deleted or modified, which effectively protects the reliability of certificates and prevents messages from being tampered with. In addition, apart from the domain name owner, anyone interested in it can enter the CT Log to query, which also improves the responsibility of the certificate authority.

The Functions of the CT Log Query Tool.

Enter this URL (https://www.nicsrs.com/check-ct-log) in your browser, and you can query all SSL certificates issued to the domain without logging in. After hitting "Check", all information is displayed below, including the Common Name, Subject Alternative Names, Valid from, Valid to, Issuer, etc. You can also view more information by clicking on "Details" under the Operate list. It’s really friendly to use and helps to save a lot of time.

Certificate Transparency is a great improvement for the industry and is of great significance for recording, monitoring, and auditing SSL certificates. A reputable CA will ensure that every certificate is added and recorded in the CT logs. NicSRS has focused on the field of digital certificates for over a decade and has always followed the highest standards to contribute to a more secure online environment.



[1]: https://bit.ly/3SDnnQ5