Certificate Transparency (CT) is an important component of Public Key Infrastructure (PKI). It allows domain owners, browsers, and other interested parties to see which CAs issued which certificates for which domains, when, and in what circumstances. This is crucial for ensuring the legitimacy of certificates and protecting network security.
What is Certificate Transparency (CT)?
Certificate Transparency (CT) is a system used to record and monitor the issuance of SSL certificates. Its purpose is to monitor forged server certificates by Certificate Authorities (CAs) or other malicious actors. With Certificate Transparency, newly issued certificates are "recorded" in the publicly accessible CT logs, providing an additional layer of security for SSL certificate trust. Clients no longer simply trust CAs; users or businesses can use CT to query and monitor at any time who has issued SSL certificates for their domains, thus ensuring the legitimacy of the certificates.
Which browsers support Certificate Transparency (CT)?
Major browsers such as Google Chrome, Apple Safari, Mozilla Firefox, and Microsoft Edge all support Certificate Transparency and have incorporated it into their security policies.
1. Google Chrome
Google Chrome requires CT logs, meaning all issued SSL certificates must support Certificate Transparency (CT). Otherwise, users will not be able to access websites using non-compliant SSL certificates.
2. Apple Safari
Apple Safari supports Certificate Transparency (CT), requiring all issued SSL certificates to be logged in a publicly accessible Certificate Transparency (CT) log to be trusted by Safari. Certificates that do not comply with the Certificate Transparency policy will cause TLS connection failures.
3. Mozilla Firefox
Mozilla Firefox supports Certificate Transparency (CT). Starting with version 133, Nightly implements this feature by default, requiring all issued SSL certificates to include sufficient Certificate Transparency information. Otherwise, Nightly will display an error page for websites deploying non-compliant SSL certificates.
4. Microsoft Edge
In February 2024, Microsoft added a Certificate Transparency (CT) policy to Windows' Crypt32, ensuring the validity of SSL certificates by checking the Signed Certificate Timestamp (SCT). Currently, Microsoft Edge's CT policy uses audit mode on Windows systems, and it is expected that other applications will also begin implementing this policy by the end of 2024.
Major browsers such as Chrome, Safari, Firefox, and Edge support CT. CT plays a significant role in cybersecurity, effectively preventing the misissue and abuse of SSL certificates and is a crucial mechanism for improving network security.
