Chromium Certificate Transparency Policy
This repository contains documents related Chromium's Certificate Transparency policies, such as the Certificate Transparency Log Policy.
Their contents can be discussed in the email@example.com forum.
For Certificate Authorities
In order to help protect users of the Chromium Projects, CAs are expected to support Certificate Transparency. This allows users, the Chromium Authors, and the public to verifiably audit that CAs are conforming to the policies set out in Chromium's Root Certificate Policy.
Chromium requires all publicly-trusted TLS certificates issued after April 30, 2018 to support CT as described in the Certificate Transparency in Chrome Policy. Extended Validation (EV) TLS certificates issued before this date are also required to support CT in order to be recognized as an EV certificate in Chromium.
For Log Operators
In order for a Log to be included within Chromium, it must meet the requirements of the Certificate Transparency Log Policy. The Log Policy describes the steps for Log Operators to submit Logs for inclusion within Chromium.
The following table includes information about the Certificate Transparency Logs that are recognized by Chromium. It includes information about who operates the log, the name the log has been given, and the URL that can be used for logging certificates or inspecting the certificates that have been logged.
Note: The authoritative list is maintained in the Chromium code base. This is merely informational.
Once, but no longer, Qualified Logs
|Log Operator||Name||Log URL||MMD||Qualified In||Last Accepted SCT|
|Certly||Certly.IO Log||https://log.certly.io||24 hours||Chrome 43||15 April 2016 00:00:00 UTC.|
|Izenpe||Izenpe Log||https://ct.izenpe.com||24 hours||Chrome 44||30 May 2016 00:00:00 UTC.|
|Venafi||Venafi CT Log Server||https://ctlog.api.venafi.com/ct/v1||24 hours||Chrome 47||28 Feb 2017 18:42:26 UTC.|
|WoSign||WoSign Log||https://ctlog.wosign.com/||24 hours||Chrome 54||12 Feb 2018 23:59:59 UTC.|
|StartCom||StartCom CT Log||https://ct.startssl.com/||24 hours||Chrome 54||12 Feb 2018 23:59:59 UTC.|
|CNNIC||CNNIC CT Log||https://ctserver.cnnic.cn/||24 hours||Chrome 53||18 Sep 2018 00:00:00 UTC.|
|DigiCert||Symantec Log||https://ct.ws.symantec.com||24 hours||Chrome 45||16 Feb 2019 00:00:00 UTC.|
|DigiCert||Symantec 'Vega' Log||https://vega.ws.symantec.com/||24 hours||Chrome 50||16 Feb 2019 00:00:00 UTC.|
|DigiCert||Symantec 'Sirius' Log||https://sirius.ws.symantec.com/||24 hours||Chrome 60||16 Feb 2019 00:00:00 UTC.|
|Google 'Argon2018' Log||https://ct.googleapis.com/logs/argon2018/||24 hours||Chrome 65||Rejected - Shard Expired|
|Cloudflare||Cloudflare 'Nimbus2018' Log||https://ct.cloudflare.com/logs/nimbus2018/||24 hours||Chrome 65||Rejected - Shard Expired|
|DigiCert||DigiCert 'Yeti2018' Log||https://yeti2018.ct.digicert.com/log/||24 hours||Chrome 67||Rejected - Shard Expired|
|DigiCert||DigiCert 'Nessie2018' Log||https://nessie2018.ct.digicert.com/log/||24 hours||Chrome 72||Rejected - Shard Expired|
|Cloudflare||Cloudflare 'Nimbus2019' Log||https://ct.cloudflare.com/logs/nimbus2019/||24 hours||Chrome 65||Rejected - Shard Expired|
|DigiCert||DigiCert 'Yeti2019' Log||https://yeti2019.ct.digicert.com/log/||24 hours||Chrome 67||Rejected - Shard Expired|
|DigiCert||DigiCert 'Nessie2019' Log||https://nessie2019.ct.digicert.com/log/||24 hours||Chrome 72||Rejected - Shard Expired|
|Google 'Argon2019' Log||https://ct.googleapis.com/logs/argon2019/||24 hours||Chrome 65||Rejected - Shard Expired|
|Google 'Xenon2019' Log||https://ct.googleapis.com/logs/xenon2019/||24 hours||Chrome 73||Rejected - Shard Expired|
|Let's Encrypt||Let's Encrypt 'Oak2019' Log||https://oak.ct.letsencrypt.org/2019/||24 hours||Chrome 78||Rejected - Shard Expired|
|Venafi||Venafi Gen2 CT log||https://ctlog-gen2.api.venafi.com/||24 hours||Chrome 59||Rejected - All Certs Expired|
|DigiCert||DigiCert Log Server 2||https://ct2.digicert-ct.com/log/||24 hours||Chrome 60||04 May 2020 00:00:40 UTC|
Chromium Certificate Transparency Policy Version 1.0