PHP command line tool to generate Certificate Transparency information
This script is tuned to work with Let's Encrypt certificates so it submits the certificate to:
Submitting cts logs
You can use
cts-submit.php to submit the cert to Certificate Transparency servers and get the sct.
./cts-submit.php <certificate> <intermediate> <sctfile>
./cts-submit.php www.example.com_crt.pem lets-encrypt-x1-cross-signed.pem /my/scts/file.sct > www.example.com_sct.pem
<sctdir> is optional. If you do not specify it you'll only get the base64 encoded sct and not binary one written to a file.
If you only use the scts in binary format (by using the sct dir) you do not need to catch the output (
Concenating cts logs
./cts-cat.php <ctslog1> <ctslog2>
./cts-cat.php /my/scts/firstsite.sct /my/scts/secondsite.sct
All methods will provide the certificate transparency information to the browser using tls extention.
Apache - server info
To use this you will need a recent apache version and add the following command in the virtual host:
SSLOpenSSLConfCmd ServerInfoFile path_to/www.example.com_sct.pem
Apache - module
mod_ssl_ct and OpenSSL 1.0.2 or later. Follow the documentation on their site for more information. (use
You have to compile nginx with the
Add this to your nginx config:
ssl_ct on; ssl_ct_static_scts /my/scts;
Testing certificate transparency
You can access your website using Google Chrome or Chromium and click in the address bar on the lock icon to see whether Chrome/Chromium recognizes the certificate transparency.
The SSLLabs test also checks for certificate transparency. When everything works it should say
Certificate Transparency Yes (TLS extension).