The beginning of this month saw the enforcement of a Certificate Transparency (CT) initiative by Google to log, audit and monitor certificates that CAs have issued. The idea behind this is to create a public log of all SSL certificates allowing a domain owner to monitor the log for the issuance of certificates on any domain they own.
From February 2015 Google Chrome will no longer show the Green address bar for EV certificates that do not appear in a public CT log. *The following FAQ applies to Geotrust, Thawte and Symantec EV Certificates.
The Green Address Bar – How do these changes affect my existing EV SSL Certificates?
For EV certificates that have already been issued by Geotrust, Thawte and Symantec the details for external certificates will have been automatically appended to the CT log by December 2014.
What is the difference between external and internal EV certificates?
Customers with issued EV certificates that are only used within private networks and not accessible from the public interne will not be automatically published to the public CT logs. Owners of internal EV certificates must contact Loudex support asking to opt-in. If your EV Certificates are publicly accessible you do not need to do anything. Geotrust, Thawte and Symantec will automatically publish the details of your EV certificates to a public CT log by the end of December 2014. For other providers you need to refer to their support channels.
Can I opt-out of adding my certificate to the CT log?
No. This will be automatic to ensure continuation of your Green Address Bar. However sometime after December 2014 we will provide customers with the ability to enable or disable publication of the certificate during enrollment, replacement or renewal.
What information will the public CT log hold?
The common name, subject alternative names, organization information, the issuer’s name, serial number, dates, extensions and any intermediate certificates in the chain.
What if I don’t enable Certificate Transparency?
If you do not enable CT on your EV certificates then from February 2015 Google Chrome will no longer display the green address bar.
More information about Certificate Transparency: http://www.certificate‐transparency.org/