
20141107 - Certificate Transparency

As of February 1st, 2015, Google will introduce a new standard in Chromium for the validation of SSL certificates: Certificate Transparency.

What is Certificate Transparency?

Certificate Transparency requires that the information of every SSL certificate be published in public databases before issuance. The certification authority has to perform this publication automatically.

The content that is published is the certificate information (CN, Organization, SANs...).

The goal is to create a worldwide database that lets anybody find out whether a certificate has been issued for a specific organization, who issued it and for which purpose. Mis-issued certificates then become easier to find. Certificate Transparency does not prevent unauthorized parties from obtaining a fraudulent certificate, but it helps detect such certificates faster.
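The monitoring use described above, as an added example that is not part of the original page or of any CA's or log operator's tooling: it scans published certificate records (CN, Organization, SANs, issuer) for names under a watched domain and reports those issued by a CA the organization does not use. The record layout, domain names and CA names are constructed assumptions.

```python
# Added example: flag published certificate records that cover a watched domain
# but were issued by an unexpected CA. All records and names are constructed.

WATCHED_DOMAINS = {"example.com"}          # domains the organization owns (assumption)
EXPECTED_ISSUERS = {"Example Trusted CA"}  # CAs the organization actually uses (assumption)

# Fields mirror what the page says is published (CN, Organization, SANs), plus the issuer.
SAMPLE_ENTRIES = [
    {"cn": "www.example.com", "org": "Example Corp",
     "sans": ["www.example.com", "example.com"], "issuer": "Example Trusted CA"},
    {"cn": "login.example.com", "org": "Example Corp",
     "sans": ["LOGIN.Example.com."], "issuer": "Unknown CA Ltd"},
    {"cn": "shop.test", "org": "Other Org",
     "sans": ["*.example.com"], "issuer": "Unknown CA Ltd"},
    {"cn": "notexample.com", "org": "Other Org",
     "sans": ["notexample.com"], "issuer": "Unknown CA Ltd"},
]


def normalize(name):
    """Lower-case a DNS name, drop a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name


def covers_watched(name, watched=WATCHED_DOMAINS):
    """True if name is a watched domain or a subdomain of one (label-boundary match)."""
    host = normalize(name)
    return any(host == d or host.endswith("." + d) for d in watched)


def unexpected_certificates(entries, watched=WATCHED_DOMAINS, expected=EXPECTED_ISSUERS):
    """Return (issuer, matching names) for records naming a watched domain
    whose issuer is not one of the expected CAs."""
    findings = []
    for entry in entries:
        names = [entry.get("cn", "")] + list(entry.get("sans", []))
        hits = sorted({normalize(n) for n in names if n and covers_watched(n, watched)})
        if hits and entry.get("issuer") not in expected:
            findings.append((entry.get("issuer"), hits))
    return findings


if __name__ == "__main__":
    for issuer, names in unexpected_certificates(SAMPLE_ENTRIES):
        print(f"review: {issuer} issued a certificate covering {', '.join(names)}")
```

The label-boundary match is what keeps `notexample.com` from being reported as a certificate for `example.com`, while wildcard and mixed-case SANs are still caught.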

How will it work?

This new standard, applied only by Google Chrome for now, will affect only Extended Validation (EV) certificates in a first phase.

When Chrome encounters an EV certificate, it checks that the certificate is listed in one of the Certificate Transparency log servers. If it is not, the green URL bar normally triggered by this kind of certificate will be deactivated, and nothing will distinguish the EV certificate from a 3-factor one.

EDIT 20180319: Certificate Transparency will become mandatory in Chrome for every kind of certificate (DV, OV, EV) as of April 2018.

Schedule

Certificate Transparency will be applied by Chromium from February 1st, 2015. Information about certificates already issued and expiring after this date must be published before January 31st, 2015.

Case of Symantec, Thawte and Geotrust certificates

Symantec Group has already acted in order to be compliant with the new standard as soon as possible.

Public-facing EV certificates issued by Symantec, Thawte and Geotrust have already been published. No additional action is required from the owners of those certificates.

Case of unreachable certificates

EV SSL certificates that are not reachable (by Common Name or SAN) via the Internet have not been published. The owners of these certificates will receive, in the next few days, an email asking whether or not they want their certificate's information to be published.

Please understand that a publication refusal is final and that it will lead to the deactivation of the green URL bar in Chrome.

EDIT 20160115: Certificate Transparency for OV certificates

As announced at the end of last year, Symantec will be expanding Certificate Transparency support across all its brands of OV products (3-factor) on 19th January 2016. No action is required from customers: from 19th January, every certificate issued by Symantec, Thawte or Geotrust will be automatically logged.

Case of GlobalSign certificates

EV certificates securing publicly available web sites will automatically be posted to CT logs during December 2014.

Case of internally accessible websites: they won't be published to CT logs. The impacted customers will have to reissue their certificate after December 31, 2014 if they need to receive the Chrome EV treatment.

As of January 1st, 2015 all EV SSL Certificates will be published to CT logs during issuance.

Summary

Presence in the Certificate Transparency:
Sectigo Globalsign Symantec, Thawte, Geotrust
OV EV DV OV EV OV EV
Yes (from April 2018) Yes Yes Yes (from 30th October 2017) Yes Yes Yes
