Certificate Transparency (CT) is an experimental IETF open standard[1] and open source framework for monitoring and auditing digital certificates. One of the problems with digital certificate management is that fraudulent certificates take a long time to be spotted, reported and revoked by the browser vendors. Certificate Transparency would help by making it impossible for a certificate to be issued for a domain without the domain owner knowing.
Questions tagged [certificate-transparency]
25 questions
0
votes
1 answer
CertificateTransparency: Failure: No certificates
Hello I implemented this library (https://github.com/babylonhealth/certificate-transparency-android) with okhttp/certificate pinning (using TrustKit)
the problem is that i received an error even tho the hostname has the logs
checking in Google…
Javier
- 1,469
- 2
- 20
- 38
0
votes
1 answer
certificate transparency logs-API limited range for entries
just wondering if the http://ct.googleapis.com/logs/argon2021/ct/v1/get-entries?start=12345&end=12345 has a limit in the range.
right now I can just get up to 20 entries in that API. for example I want to get recent records and the current tree size…
glovescoffee
- 13
- 5
0
votes
1 answer
Certificate Transparency Logs for C#
Currently working on a certificate transparency logs. My goal is to read each log just like what CertStream - (Open the fire hose button) did, my boss wants to create another one that is written in C#. Just a simple code to parse the logs can really…
glovescoffee
- 13
- 5
0
votes
1 answer
Can't pars subjectAlternativeNames in java
I try to parse extra data of certificate in java. I interested in subjectAlternativeNames section. My code is:
CertificateFactory certFactory =…
Anton
- 1,051
- 1
- 9
- 21
0
votes
1 answer
Android certificate transparency
I am trying to use the sdk from babylon to test CT in android app.
I tried as given here https://github.com/babylonhealth/certificate-transparency-android
but I am getting the logs System.out: xxx.xxx.xxx.xxxx.org -> Success: SCT not enabled for…
png
- 4,368
- 7
- 69
- 118
0
votes
1 answer
Generate sha256-Value for use in CertificateTransparencyEnforcementDisabledForLegacyCas
Since Chrome 68 certificate transparency is enforced. That's a big problem with the SSL-decryption of our corporate proxy.
The proxy's certificate is added to the system's certificate store, this worked like a charm until Chrome 68.
There's a policy…
muffl0n
- 3
- 1
- 3
0
votes
1 answer
Testing Expect-CT reports
I'm writing an Express route for Expect-CT violations and I do not know how to create mock violations to trigger the report-uri directive.
Is there a way to trigger this in-browser or through cURL / Postman?
My thoughts was to recreate the JSON body…
Quill
- 2,729
- 1
- 33
- 44
0
votes
1 answer
How to enable Certificate Transparency checks for all domains in iOS ATS config?
By default, iOS does not enforce Certificate Transparency for HTTPS connections.
Since iOS 10, Apple introduced a new ATS config key, NSRequiresCertificateTransparency. By default this is NO, and if a developer wants to enable CT checks, he can turn…
iosswiftdev
- 21
- 3
0
votes
4 answers
Certificate transparency and privately installed certs
Does anyone know whether the certificate transparency feature as promoted by Google can/will apply to private installed CAs?
It seems like Chrome is already enforcing CT in some situations, presumably by auditing public CA logs. For private CAs that…
RomanK
- 1,258
- 7
- 18
0
votes
1 answer
certificate-transparency how to query certificates for a domain
I want to get a list of ssl certificates used by all fqdn of a domain name. So, we can imagine that I search google.com certificates. I will get the google.com and www.google.com certificate but I want also get checkout.google.com certificate and…
Samuel Dauzon
- 10,744
- 13
- 61
- 94