picture of tbs certificates
picture of tbs certificates
Our products range

20141107 - Certificate Transparency

As of February 1st, 2015 Google will introduced a new standard on its tool Chromium regarding the validation of SSL certificates: the Certificate Transparency.

What is Certificate Transparency?

The Certificate Transparency requires the publication of the information of any SSL certificate in public data bases before issuance. This publication has to be done by the certification Authority automatically.

The content that is published is the certificate information (CN, Organization, SANs...).

The goal of the operation is to create a worldwide data base allowing anybody to know if a certificate has been delivered for a specific organization, who issued that certificate and for which purpose. It becomes then easier to find out if a certificate has been mis-issued. It does not prevent unauthorized parties to get a fraudulent certificate but it helps detecting them faster.

How will it work?

This new standard, only applied by Google Chrome for now, will only impact Extended Validation (EV) certificates over a first phase.

When Chrome encounters an EV certificate, it checks that the certificate is listed in one of the Certificate Transparency log servers. If not, the green URL bar, normally triggered by this kind of certificate, will then be deactivated. Nothing will distinguish an EV certificate from a 3-factor one.

EDIT 20180319: The Certificate Transparency will become mandatory on Chrome for any kind of certificate (DV, OV, EV) as of April 2018.


The Certificate Transparency will be applied by chromium from February 1st, 2015. The information regarding certificates already issued and expiring after this date must be published before January 31st, 2015.

Case of Symantec, Thawte and Geotrust certificates

Symantec Group has already acted in order to be compliant with the new standard as soon as possible.

Public-facing EV certificates issued By Symantec, Thawte and Geotrust have already been published. No additionnal action is required from those certificates' owners.

Case of unreachable certificates

EV SSL certificates that are not reachable (by Common Name or SAN) via the Internet have not been published. The owners of these certificates will receive, in the next few days, an email asking if they want, or not, their certificate's information to be published.

Please understand that a publication refusal is final and that it will lead to the deactivation of the green URL bar in Chrome.

EDIT 20160115: Certificate Transparency for OV certificates

As announced at the end of last year, Symantec will be expanding Certificate Transparency support across all its brands of OV products (3-factor) on 19th January 2016. No action is required from the customers, from 19th January every certificates issud by Symantec, Thawte or Geotrust will be automatically logged.

Case of GlobalSign certificates

EV certificates securing publicly available web sites will automatically be posted to CT logs during December 2014.

Case of internally accessible websites: they won't be published to CT logs. The impacted customers will have to reissue their certificate after December 31, 2014 if they need to receive the Chrome EV treatment.

As of January 1st, 2015 all EV SSL Certificates will be published to CT logs during issuance.


Presence in the Certificate Transparency:
Sectigo Globalsign Symantec, Thawte, Geotrust
Yes (from April 2018) Yes Yes Yes (from 30th October 2017) Yes Yes Yes

Useful links