Certificate Transparency (CT) is an experimental IETF open standard[1] and open source framework for monitoring and auditing digital certificates. One of the problems with digital certificate management is that fraudulent certificates take a long time to be spotted, reported and revoked by the browser vendors. Certificate Transparency would help by making it impossible for a certificate to be issued for a domain without the domain owner knowing.
Questions tagged [certificate-transparency]
25 questions
4
votes
1 answer
Referrer policy hide the referrer of self-signed certificates
I can't seem to get the referrer on a 3rd party XHR request to a development server with a self-signed certificate.
After complying to chrome's use of SAN instead of CN and registering my self-signed localhost certificate, I got the green dot for…
Eran Betzalel
- 4,105
- 3
- 38
- 66
3
votes
0 answers
How to implement Certificate Transparency for Flutter
I want to implement Certificate Transparency for Flutter on both iOS and Android but without success, can anyone help me with a Flutter example?
I could not find any article or package on https://pub.dev/
Thanks in advance!
Durul Dalkanat
- 7,266
- 4
- 35
- 36
2
votes
1 answer
Can certificate transparency detect SSL Pinning bypass in Mobile Applications?
I was reading through Certificate Transparency (CT) and its capabilities to monitor use and abuse of certificates. I am wondering if CT can detect SSL Pinning bypass in Mobile application (in case of Web Application for that matter). Request you to…
Shashank Gosavi
- 71
- 6
2
votes
1 answer
How to implement Certificate Transparency for Xamarin.Android
I'm trying this is one week to implement Certificate Transparency for Xamarin.Android but without success, can any one help me with a xamarin exemple or algo similar?
Thanks in advance!
I try use…
khalid
- 121
- 8
2
votes
1 answer
Do browsers support certificate transparency?
The google's certificate transparency project has been in place for some time, google chrome and mozilla firefox have both claimed to have joined the project, but how do I test if the browser actually suports certificate transparency and the three…
H. Bob
- 21
- 3
2
votes
2 answers
How to use certificate-transparency library?
The Python library for searching certificate logs has very little documentation. How is it possible to use it to search the logs and retrieve something intelligible?
The closest I can find is just to run dashboard.py or simple_scan.py, but…
user124384
- 400
- 1
- 9
- 22
1
vote
0 answers
SSL Pinning vs Certificate Transparency
I am trying to understand whether SSL Pinning or Certificate transparency is the right way to go. Been reading online and found some article that suggests the SSL Pinning is depreciated. Can you help me with some insights about that? what is better?…
Eman Darwish
- 11
- 1
1
vote
1 answer
Why encode a binary value as a byte instead of a bit?
I am used to seeing the encoding of flags (i.e., binary values) as bits. See, for example, the SYN and ACK flags in the TCP header.
I recently stumbled upon the specification of Certificate Transparency:…
synack
- 13
- 3
1
vote
1 answer
How to check certificate transparency used during server trust
We are building an iOS SDK using certificate transparency to verify SSL connections. This is was initially implemented using ATS in the info.plist but we came across an issue:
Users could install a profile and fully trust a root certificate that…
hrybrn
- 11
- 1
1
vote
0 answers
Trusted Root Certificate not trusted
I have a strange problem that I don't understand. I think it was working before and I do suspect an update to macos that I loaded on my macbook air just before, but I thought I would ask the question here to see if anyone has any insight.
I am…
akc42
- 4,893
- 5
- 41
- 60
1
vote
1 answer
How to check google -transparency logs to detect malicious ssl certificates of my domain
I would like to use google certificate transparency API to check the malicious SSL certificates(if any) of my domain. I am able to get all the certificates but how do i check whether the certificate is legitimate or not.
I had found this…
Pavan Kalyan k
- 11
- 1
1
vote
0 answers
How to retrieve SCTs when using OpenSSL?
I am not getting any SCTs when using OpenSSL. After setting up the SSL connection, I'm calling
SSL_enable_ct(ssl, SSL_CT_VALIDATION_PERMISSIVE);
const STACK_OF(SCT) *sct_stack = sk_SCT_new_null();
sct_stack = SSL_get0_peer_scts(ssl);
printf("%i SCTs…
Brian Hogan
- 11
- 1
0
votes
0 answers
How can I create a cryptography.x509.PrecertificateSignedCertificateTimestamps?
To create a cryptography.x509.PrecertificateSignedCertificateTimestamps, I need a list of certificate_transparency.SignedCertificateTimestamp, but I don't know how to do that, and what kind of information I need.
I'm making x509 certificate on my…
OOYXLOO
- 1
0
votes
1 answer
Unable to create a tree in Trillian log mysql database
I am using an on premise kubernetes cluster (with istio) to integrate my application with Trillian. I have deployed a mysql database together with a personality, a server and a signer, but I am not able to create a tree using the command here…
Leviathan
- 51
- 8
0
votes
1 answer
HTTPS - verification of server SSL certificate by the browser
I have one doubt regarding process of server SSL certificate's verification by the web browser (like Firefox/Chrome).
I read a lot about mechanisms which minimize the risk of application of misissued CA/intermediate CA certificates (i.e. hacked CA…
BartekS
- 127
- 1
- 1
- 7