
Certificate Transparency


Chromium includes support for Certificate Transparency, a protocol defined by RFC 6962. Certificate Transparency is a way for interested parties, such as Certificate Authorities, to provide a publicly auditable record of certificate issuance, through submitting these certificates to a Certificate Transparency Log.

Discussions related to Chromium's Certificate Transparency support happen on the Certificate Transparency Policy group/mailing list.

For Certificate Authorities

In order to help protect the users of the Chromium Projects, CAs are expected to support Certificate Transparency. This allows users, the Chromium Authors, and the public to publicly audit that CAs are conforming to the policies set out in the Root Certificate Policy.

Currently, Chromium does not enforce that all Root CAs support Certificate Transparency for all certificates. However, it is required for some CAs, and for a certificate to be recognized as an EV certificate, the certificate MUST be CT Qualified. For more details, including timelines and requirements, see the Certificate Transparency in Chrome Policy.

For Log Operators

In order for a Log to be included within Chromium, it must meet the requirements of the Certificate Transparency Log Policy. The Log Policy also describes the steps for Log Operators to submit Logs for inclusion within Chromium.

Recognized Logs

The following table includes information about the Certificate Transparency Logs that are recognized by Chromium. It includes information about who operates the log, the name the log has been given, and the URL that can be used for logging certificates or inspecting the certificates that have been logged.

Note: The authoritative list is maintained in the Chromium code base. This is merely informational.

Qualified Logs

| Log Operator | Name | Log URL | Maximum Merge Delay | Included Since |
|---|---|---|---|---|
| Google | Google 'Pilot' Log | | 24 hours | Revision; Chrome: 35 |
| Google | Google 'Aviator' Log | | 24 hours | Revision; Chrome: 35; Note: Frozen (not accepting new certificates) |
| DigiCert | DigiCert's Certificate Transparency log | | 24 hours | Revision; Chrome: 41 |
| Google | Google 'Rocketeer' Log | | 24 hours | Revision; Chrome: 43 |
| | Symantec Log | | 24 hours | Revision; Chrome: 45 |
| Symantec | Symantec 'Vega' Log | | 24 hours | Revision; Chrome: 50 |
| CNNIC | CNNIC CT Log | | 24 hours | Revision; Chrome: 53 |
| WoSign | WoSign Log | | 24 hours | Revision; Chrome: 54 |
| StartCom | StartCom CT Log | | 24 hours | Revision; Chrome: 54 |
| Google | Google 'Skydiver' Log | | 24 hours | Revision; Chrome: 55 |
| Google | Google 'Icarus' Log | | 24 hours | Revision; Chrome: 55 |
| Comodo | Comodo 'Sabre' Log | | 24 hours | Revision; Chrome: 60 |
| Comodo | Comodo 'Mammoth' Log | | 24 hours | Revision; Chrome: 60 |

Once, but no longer, Qualified Logs

| Log Operator | Name | Log URL | Maximum Merge Delay | Included Since |
|---|---|---|---|---|
| Certly | Certly.IO Log | | 24 hours | Revision; Chrome: 43; Last Accepted SCT: 15 April 2016 00:00:00 UTC |
| Izenpe | Izenpe Log | | 24 hours | Revision; Chrome: 44; Last Accepted SCT: 30 May 2016 00:00:00 UTC |
| Venafi | Venafi CT Log Server | | 24 hours | Revision; Chrome: 47; Last Accepted SCT: 28 Feb 2017 18:42:26 UTC |