What are Certificate Transparency Logs?

Certificate Transparency (CT) is an open framework for monitoring SSL/TLS certificates. Verifying digital certificates is a constant challenge in IT security, and Certificate Authorities (CAs) play a central role here because they are the ones issuing SSL/TLS certificates. CT logs exist to ensure the integrity and transparency of the certificate system. Incorrectly issued certificates are often discovered late; CT logs are meant to prevent this.

DigiNotar Hack: Trigger for Certificate Transparency

The development of Certificate Transparency essentially began with the widely publicised hack of DigiNotar, a Certificate Authority (CA). The attackers used DigiNotar's systems to issue valid SSL/TLS certificates for numerous domains, including google.com. With these certificates they carried out a classic man-in-the-middle attack and were ultimately able to spy on Iranian citizens, who had no way of noticing.

How does the Certificate Transparency Framework work?

CT logs are public logs to which only new entries can be added. CT logs are operated by independent bodies and browser manufacturers. SSL/TLS certificates and precertificates are entered into these logs to increase transparency. The process uses cryptographic methods like the Merkle Tree Hash to ensure the integrity of the logs. Signed Certificate Timestamps (SCTs) are issued by the logs to confirm that a certificate has been stored.

What role do SCTs and Merkle Trees play?

SCTs (Signed Certificate Timestamps) are proof that a certificate has been entered into a CT log. The Merkle Tree Hash ensures that the entries in the logs cannot be manipulated. Therefore, it is important that these technologies are implemented correctly to ensure security.
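The two paragraphs above describe the Merkle Tree Hash only in outline. The following is an added example, not code from the original page or from any CT log implementation, that builds the RFC 6962 Merkle Tree Hash over a few constructed entries, produces the audit path (inclusion proof) for one leaf, and checks it with the RFC 9162 verification procedure. The entries are stand-ins for serialized log entries.

```python
import hashlib
from typing import List

# Added example: RFC 6962 / RFC 9162 Merkle Tree Hash and inclusion-proof
# verification, written from scratch here (not a CT log's own code).

def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(entry: bytes) -> bytes:
    # Leaves are hashed with a 0x00 prefix and interior nodes with 0x01, so a
    # leaf can never be passed off as an interior node (second-preimage defence).
    return _sha256(b"\x00" + entry)

def node_hash(left: bytes, right: bytes) -> bytes:
    return _sha256(b"\x01" + left + right)

def _split_point(n: int) -> int:
    # Largest power of two strictly less than n (the "k" in the RFC definition).
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def merkle_tree_hash(entries: List[bytes]) -> bytes:
    """MTH(D[n]) as defined in RFC 6962 section 2.1."""
    n = len(entries)
    if n == 0:
        return _sha256(b"")
    if n == 1:
        return leaf_hash(entries[0])
    k = _split_point(n)
    return node_hash(merkle_tree_hash(entries[:k]), merkle_tree_hash(entries[k:]))

def audit_path(entries: List[bytes], m: int) -> List[bytes]:
    """PATH(m, D[n]): the sibling hashes needed to recompute the root from leaf m."""
    n = len(entries)
    if n == 1:
        return []
    k = _split_point(n)
    if m < k:
        return audit_path(entries[:k], m) + [merkle_tree_hash(entries[k:])]
    return audit_path(entries[k:], m - k) + [merkle_tree_hash(entries[:k])]

def verify_inclusion(entry: bytes, index: int, tree_size: int,
                     path: List[bytes], root: bytes) -> bool:
    """Inclusion-proof check from RFC 9162 section 2.1.3.2; needs no tree data."""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = leaf_hash(entry)
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            if not fn & 1:
                # Skip levels where our subtree is the (unpaired) right edge.
                while fn & 1 == 0 and fn != 0:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root

def demo():
    # Constructed stand-ins for serialized log entries.
    entries = [b"cert-A", b"cert-B", b"cert-C", b"cert-D", b"cert-E"]
    root = merkle_tree_hash(entries)
    idx = 2
    proof = audit_path(entries, idx)
    genuine = verify_inclusion(entries[idx], idx, len(entries), proof, root)
    # A swapped entry fails against the same proof and root: tampering is visible.
    tampered = verify_inclusion(b"cert-X", idx, len(entries), proof, root)
    return genuine, tampered

if __name__ == "__main__":
    print(demo())
```

The inclusion proof is what a client needs to check that a given certificate is really in the log whose root hash it trusts; changing any entry changes the root, and the proof for the original entry no longer verifies.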

Why is Certificate Transparency important for IT security?

Certificate transparency makes it possible to detect incorrectly issued TLS/SSL certificates early and thus increase internet security. Browsers like Google Chrome use CT logs to verify the trustworthiness of certificates. Therefore, it is important that certification authorities comply with the CA/B Forum baseline requirements and validate certificates correctly. Often, the revocation process for certificates is complicated; CT logs and CT monitors help to improve this process.

How do browsers support certificate transparency?

Browsers like Google Chrome and Mozilla Firefox check the SCTs present for a certificate when establishing a TLS connection. SCTs can be delivered in various ways, for example through SCT stapling via a TLS extension or through OCSP stapling. This should be taken into account when configuring the web server so that SCTs are transmitted correctly.
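To make the delivery path concrete, here is an added example, not code from the original page or from any browser, that parses the SignedCertificateTimestampList structure from RFC 6962 section 3.3 (the form in which SCTs arrive via the TLS extension or an OCSP response) and runs the structural checks a relying party can do before signature verification. The log IDs, timestamps and signature bytes are constructed placeholders, and the minimum number of distinct logs is an assumed policy parameter, not any browser's actual rule.

```python
import struct
from typing import Dict, List, Set

# Added example, not from the original page: offline parser for the
# SignedCertificateTimestampList (RFC 6962 s3.3) plus a small policy check.
# No real signature verification is performed; that needs the log's public key.

SCT_V1 = 0
HASH_SHA256, SIG_ECDSA = 4, 3   # TLS SignatureAndHashAlgorithm code points

def encode_sct(log_id: bytes, timestamp_ms: int, signature: bytes) -> bytes:
    """Serialise one v1 SCT; used here only to build constructed test data."""
    assert len(log_id) == 32
    return (bytes([SCT_V1]) + log_id + struct.pack(">Q", timestamp_ms)
            + struct.pack(">H", 0)                      # no extensions
            + bytes([HASH_SHA256, SIG_ECDSA])
            + struct.pack(">H", len(signature)) + signature)

def encode_sct_list(scts: List[bytes]) -> bytes:
    body = b"".join(struct.pack(">H", len(s)) + s for s in scts)
    return struct.pack(">H", len(body)) + body

def parse_sct(data: bytes) -> Dict:
    # version(1) | log_id(32) | timestamp(8) | ext_len(2) | ext | hash(1) | sig(1) | sig_len(2) | sig
    if len(data) < 43 or data[0] != SCT_V1:
        raise ValueError("truncated SCT or unsupported version")
    log_id = data[1:33]
    (timestamp_ms,) = struct.unpack(">Q", data[33:41])
    (ext_len,) = struct.unpack(">H", data[41:43])
    off = 43 + ext_len
    if len(data) < off + 4:
        raise ValueError("truncated SCT extensions/signature")
    hash_alg, sig_alg = data[off], data[off + 1]
    (sig_len,) = struct.unpack(">H", data[off + 2:off + 4])
    signature = data[off + 4:off + 4 + sig_len]
    if len(signature) != sig_len or off + 4 + sig_len != len(data):
        raise ValueError("bad signature length")
    return {"log_id": log_id, "timestamp_ms": timestamp_ms,
            "extensions": data[43:off], "hash_alg": hash_alg,
            "sig_alg": sig_alg, "signature": signature}

def parse_sct_list(blob: bytes) -> List[Dict]:
    if len(blob) < 2:
        raise ValueError("truncated list")
    (total,) = struct.unpack(">H", blob[:2])
    body = blob[2:]
    if len(body) != total:
        raise ValueError("list length mismatch")
    scts, off = [], 0
    while off < len(body):
        if off + 2 > len(body):
            raise ValueError("truncated SCT length")
        (n,) = struct.unpack(">H", body[off:off + 2])
        off += 2
        if off + n > len(body):
            raise ValueError("SCT runs past end of list")
        scts.append(parse_sct(body[off:off + n]))
        off += n
    return scts

def check_sct_policy(scts: List[Dict], known_log_ids: Set[bytes], now_ms: int,
                     min_distinct_logs: int = 2) -> List[str]:
    """Structural checks before signature verification. min_distinct_logs is an
    assumed policy parameter for this example, not a browser's actual rule."""
    problems, seen = [], set()
    for i, sct in enumerate(scts):
        if sct["log_id"] not in known_log_ids:
            problems.append(f"sct[{i}]: unknown log {sct['log_id'].hex()[:8]}")
        if sct["timestamp_ms"] > now_ms:
            problems.append(f"sct[{i}]: timestamp in the future")
        if (sct["hash_alg"], sct["sig_alg"]) != (HASH_SHA256, SIG_ECDSA):
            problems.append(f"sct[{i}]: unexpected signature algorithm")
        seen.add(sct["log_id"])
    if len(seen & known_log_ids) < min_distinct_logs:
        problems.append(f"fewer than {min_distinct_logs} SCTs from distinct known logs")
    return problems

# Constructed sample data: two trusted logs, one unknown log, a fixed "now".
LOG_A, LOG_B, LOG_UNKNOWN = bytes([0xAA]) * 32, bytes([0xBB]) * 32, bytes([0xCC]) * 32
KNOWN_LOGS = {LOG_A, LOG_B}
NOW_MS = 1_700_000_000_000
SAMPLE_LIST = encode_sct_list([
    encode_sct(LOG_A, NOW_MS - 86_400_000, b"\x30\x06\x02\x01\x01\x02\x01\x02"),
    encode_sct(LOG_UNKNOWN, NOW_MS + 60_000, b"\x30\x06\x02\x01\x03\x02\x01\x04"),
])

if __name__ == "__main__":
    for problem in check_sct_policy(parse_sct_list(SAMPLE_LIST), KNOWN_LOGS, NOW_MS):
        print("policy:", problem)
```

Every length field is checked against the remaining bytes before slicing, which is the part that matters when the input comes from the network: a malformed list should be rejected, not silently parsed as fewer SCTs.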

Which certificate types are affected?

Certificate transparency affects all types of SSL/TLS certificates, including Extended Validation (EV), Organization Validated (OV), and Domain Validated (DV) SSL/TLS certificates. High-assurance certificates like EV SSL/TLS certificates require particularly strict validation requirements. Therefore, it is important that certification authorities and domain owners observe the CA/Browser Forum Baseline Requirements.

  1. Extended Validation (EV) SSL/TLS certificates:
    Provide the highest level of trust through strict organization checks. Therefore, it is important that they are entered in CT logs.
  2. Organization Validated (OV) SSL/TLS certificates:
    Validate the existence of the organization, often seen on business websites.
  3. Domain Validated (DV) SSL/TLS certificates:
    Only confirm control over the domain. One should look closely at the security assessment here.

How are Certificate Transparency Logs used?

Certificate Transparency Logs are used to make all issued TLS/SSL certificates publicly accessible. Browsers and certificate checks access these logs to verify the validity of certificates. Certification authorities like DigiCert and GlobalSign enter their certificates in CT logs to meet the root program requirements of browser manufacturers like Google and Mozilla.

What are precertificates and why are they important?

Precertificates are special certificates that are entered into CT logs before final issuance. They allow SCTs to be obtained from the CT log before the final certificate is issued. Therefore, it is important that precertificates are handled correctly to ensure the integrity of the certification process.

How do CT monitors help with security?

CT monitors observe CT logs and notify domain owners about new certificates issued for their domains. Facebook, for example, offers a free CT monitoring service. This allows incorrectly issued certificates to be quickly discovered and the revocation process to be initiated.

  1. CT monitors from Facebook:
    Offer free notifications about new certificates for your domain.
  2. CT monitors from third-party providers:
    Allow individual customization and advanced monitoring.
  3. CT monitors from DSecured Argos:
    Monitor the certificates of a domain and notify about changes.

What challenges exist with Certificate Transparency?

Although Certificate Transparency offers many advantages, there are also challenges. For example, certification authorities and browser manufacturers must work together to implement the CA/B Forum baseline requirements. Additionally, root program requirements must be met to maintain user trust. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are complex protocols, and integrating CT can mean additional complexity.

OCSP (Online Certificate Status Protocol) is a protocol for checking the revocation status of certificates. Through OCSP stapling, web servers can transmit the current status of a certificate directly to the browser. In combination with SCT stapling in the TLS protocol, both the certificate status and SCTs can be provided efficiently.

Attack Surface: CT Logs

From an attacker's perspective, these logs are also of interest. Why? Because many hostnames can be read from the certificates, which gives a first insight into the external attack surface of a company. Argos, for example, uses CT logs as one method of asset discovery. Combined with cloud assets from AWS and Google, this data can quickly and effectively reveal Shadow IT. It is no coincidence that CT log providers (usually those of Google or Facebook) are also very popular in Red Teaming.

One must be aware that these logs are transparent and public: anyone can view them. Multi-tenant SaaS providers in particular often do not have this on their radar. Their setup gives each customer its own subdomain, for example customer1.saas-provider.com and customer2.saas-provider.com. These subdomains are visible in the CT logs. This is of course interesting for competitors, who can quickly find out who is a customer of a provider, and it can also be of interest to attackers. The better solution for this use case is a wildcard certificate, i.e., *.saas-provider.com.
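The following added example, which is not DSecured's, Facebook's or any other monitoring service's code, shows the core logic of a CT monitor as described in the "How do CT monitors help with security?" section and the Shadow IT and SaaS subdomain points above. It runs over a constructed list of log entries: it extracts every hostname under a domain that is visible to anyone reading the log, raises alerts for certificates issued by an unexpected CA or for hosts missing from the asset inventory, and shows that a wildcard certificate exposes no customer names. A real monitor would fetch entries from a log or search service and keep the inventory in a database; the CA names and hostnames here are made up.

```python
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# Added example (not the code of any real CT monitor): defensive use of CT
# log data for alerting and asset discovery over constructed entries.

@dataclass(frozen=True)
class CtEntry:
    issuer: str            # CA that issued the certificate
    not_before: str        # start of validity, kept as an ISO date string
    names: Tuple[str, ...] # subject CN plus SANs as they appear in the cert

def matches_domain(name: str, domain: str) -> bool:
    """True if a certificate name (possibly a wildcard) lies under the domain."""
    host = name[2:] if name.startswith("*.") else name
    return host == domain or host.endswith("." + domain)

def hostnames_for(entries: Iterable[CtEntry], domain: str) -> Set[str]:
    """Every name under the domain that anyone reading the log can see."""
    return {n for e in entries for n in e.names if matches_domain(n, domain)}

def exposed_customer_names(entries: Iterable[CtEntry], domain: str) -> Set[str]:
    """Concrete (non-wildcard) subdomains leaked by per-customer certificates."""
    return {n for n in hostnames_for(entries, domain)
            if not n.startswith("*.") and n != domain}

def monitor(entries: Iterable[CtEntry], domain: str,
            known_assets: Set[str], allowed_issuers: Set[str]) -> List[str]:
    """Alerts a domain owner would want: unexpected CA, or host not in inventory."""
    alerts = set()
    for e in entries:
        for n in e.names:
            if not matches_domain(n, domain):
                continue
            if e.issuer not in allowed_issuers:
                alerts.add(f"{n}: issued by unexpected CA '{e.issuer}' on {e.not_before}")
            if n not in known_assets and not n.startswith("*."):
                alerts.add(f"{n}: not in asset inventory (possible shadow IT)")
    return sorted(alerts)

# Constructed log entries; CA names and hostnames are placeholders.
ENTRIES = [
    CtEntry("Example CA 1", "2024-01-10", ("www.example.com", "example.com")),
    CtEntry("Example CA 1", "2024-02-02", ("legacy-api.example.com",)),
    CtEntry("Example CA 9", "2024-03-15", ("login.example.com",)),
    CtEntry("Example CA 1", "2024-03-20",
            ("customer1.saas-provider.com", "customer2.saas-provider.com")),
    CtEntry("Example CA 1", "2024-03-21", ("*.saas-provider.com",)),
]
KNOWN_ASSETS = {"www.example.com", "example.com", "login.example.com"}
ALLOWED_ISSUERS = {"Example CA 1"}

if __name__ == "__main__":
    for alert in monitor(ENTRIES, "example.com", KNOWN_ASSETS, ALLOWED_ISSUERS):
        print("ALERT", alert)
    print("customer names exposed:", sorted(exposed_customer_names(ENTRIES, "saas-provider.com")))
```

The two alert types map directly to the two use cases in the text: an unexpected issuer is the DigiNotar-style mis-issuance a domain owner wants to revoke quickly, and a hostname missing from the inventory is the Shadow IT that asset discovery surfaces. The per-customer certificate leaks customer1 and customer2, while the wildcard entry leaks nothing beyond the provider's own domain.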


Damian Strobel
With DSecured Argos eASM you can monitor your certificates and detect attacks.