Security also: CT

Certificate Transparency

Append-only public logs of every TLS certificate issued.


In plain terms

Specified in RFC 6962. Browsers refuse certs without an embedded Signed Certificate Timestamp (SCT). Tools like crt.sh let you spot rogue certs for your domain in minutes.

Origin

Ben Laurie and Adam Langley at Google proposed CT in 2012 in response to the 2011 DigiNotar incident. RFC 6962 (2013) standardised it; RFC 9162 (2021) defines v2. Browsers refuse certs without an SCT today.

Where it shows up in production
  • crt.sh & Censys: Search-the-logs services. Type your domain and see every TLS cert ever issued for it.
  • Cloudflare Merkle Town: Public dashboard summarising the cert ecosystem from the CT logs.
  • Let's Encrypt: Every issued cert gets a CT log entry within minutes, driving the audit trail for ~50% of the web.