¶ºÒõ¹Ý

Announcements 12-05-2014

Certificate Transparency Required for EV Certificates to Show Green Address Bar in Chrome

Meggie Woodfield

Google announced that they will require Certificate Transparency (CT) for all EV certificates issued after January 1, 2015. If a CT proof is not included either in the Certificate or as part of an OCSP stapled response, the EV certificate will not display the green address bar in Chrome.

Migration to CT

Before January 1, Google will whitelist all existing EV certificates so they continue to show the green bar. This means that websites that already have an EV certificate are free to continue using their certificate without a logged timestamp.

EV certificates issued after January 1 must include a set number of proofs from a CT log server or they will not show the green bar. A one year EV certificate requires two proofs while a two year EV certificate requires at least three proofs.

¶ºÒõ¹Ý customers have had the option of enabling CT on any ¶ºÒõ¹Ý certificate issued. And, , all new EV certificates issued by ¶ºÒõ¹Ý will include the required number of proofs by default.

What Do I Need to Do?

If you have an existing EV certificate that is publicly accessible you do not need to take any action. Your certificate will be whitelisted in Chrome and will continue to show the green bar. If your certificate is internal or is is not publicly accessible it will not be included.

If you plan on ordering an EV certificate after January 1, 2015 and want your site to show the green address bar, you must log your cert with an approved CT log server. ¶ºÒõ¹Ý operates a log server and will use its log servers along with ones operated by Google and other reputable sources.

If you are a ¶ºÒõ¹Ý customer, your EV certificate will have a CT proof embedded by default. If you wish to change your certificate to an OCSP stapled proof rather than the default embedded proof you can do so by contacting customer support.

If you are not a ¶ºÒõ¹Ý customer, we recommend that you contact your Certificate Authority to ask if they support CT and if they can enable it for your certificate.

Certificate Transparency and ¶ºÒõ¹Ý

Certificate Transparency is a Google initiative created to log, audit, and monitor all public SSL Certificates. CT makes it possible to detect SSL Certificates that have been mistakenly issued or maliciously acquired.

¶ºÒõ¹Ý sees CT as an important step toward enhancing online trust and has been working closely with Google to help CT become a reality.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-11-2024

FIPS 140-3 certification unlocked for ¶ºÒõ¹Ý TrustCore SDK

10-31-2024

Announcing the GA release of ¶ºÒõ¹Ý Device Trust Manager