Certificate Transparency Ecosystem

Disclaimer: The information on this page is provided on an "as is" and "as available" basis with no guarantees of completeness, accuracy, usefulness, or timeliness. Opsmate, Inc. assumes no responsibility or liability for any errors or omissions in the information. To the fullest extent permitted under applicable law, Opsmate, Inc. disclaims all warranties of any kind, express or implied, with regard to the information, including, but not limited to, that the information will be provided uninterrupted, error-free, omission-free, or free of viruses or other harmful items.

Logs

NameAddressIDKeyScopeSoftwareTLS ClientsMonitorsComments
ChromeAppleSSLMateCert Spotterct-honeybeecrt.shCensysEdgecombeMerkle Town
Behind The SofaKeyTrustedTrillianNoYesYesFilippo Valsorda's personal log, located behind his sofa. Accessible over IPv6 only.
CNNICKeyTrustedSuperDuperDisqualifiedIncludedYes0.1YesYesYesYesYes
Cloudflare CirrusKeyRPKITrillian-CFNoYesYesYes
Cloudflare Nimbus 2017KeyTrustedTrillian-CFRejectedIncludedNoYes<20468368YesYesYes
Cloudflare Nimbus 2018KeyTrustedTrillian-CFM65IncludedYes0.9YesYesYesYesYesOnly accepts certs expiring in 2018, but contains certs expiring before 2018. Served incorrect entries at 37070048, 37070049, and 37083753 (since corrected).
Cloudflare Nimbus 2019KeyTrustedTrillian-CFM65IncludedYes0.9YesYesYesYesYes
Cloudflare Nimbus 2020KeyTrustedTrillian-CFM65IncludedYes0.9YesYesYesYesYes
Cloudflare Nimbus 2021KeyTrustedTrillian-CFM65IncludedYes0.9YesYesYesYesYes
Cloudflare Nimbus 2022KeyTrustedTrillian-CFApplyingYesYesYesYesYes
Cloudflare Nimbus 2023KeyTrustedTrillian-CFApplyingYesYesYesYes
DigiCertKeyTrustedDigiCertM41IncludedYes0.1YesYesYesYesYes
DigiCert 2KeyTrustedDigiCertM60IncludedYes0.8YesYesYesYesYes
DigiCert GolemTestingYesNot publicly announced; not recommended for submission or monitoring
DigiCert Nessie 2018KeyTrustedDigiCert-HPApplyingPendingYesYesYesYesYes
DigiCert Nessie 2019KeyTrustedDigiCert-HPApplyingPendingYesYesYesYesYes
DigiCert Nessie 2020KeyTrustedDigiCert-HPApplyingPendingYesYesYesYesYes
DigiCert Nessie 2021KeyTrustedDigiCert-HPApplyingPendingYesYesYesYesYes
DigiCert Nessie 2022KeyTrustedDigiCert-HPApplyingPendingYesYesYesYesYes
DigiCert Yeti 2018KeyTrustedDigiCert-HPM67PendingYesYesYesYesYes
DigiCert Yeti 2019KeyTrustedDigiCert-HPM67PendingYesYesYesYesYes
DigiCert Yeti 2020KeyTrustedDigiCert-HPM67PendingYesYesYesYesYes
DigiCert Yeti 2021KeyTrustedDigiCert-HPM67PendingYesYesYesYesYes
DigiCert Yeti 2022KeyTrustedDigiCert-HPM67PendingYesYesYesYesYes
GDCA 1KeyTrustedSuperDuperRejectedPendingYesYesYesYesYesYesLog server SSL certificate not trusted by NSS
GDCA Old 1KeyTrustedSuperDuperRejectedYes<4327<4328YesLog server SSL certificate not trusted by NSS
Google Argon 2017KeyTrustedTrillianRejectedIncludedYes0.7 - 0.8YesYesYesYesYes
Google Argon 2018KeyTrustedTrillianM65IncludedYes0.7YesYesYesYesYes
Google Argon 2019KeyTrustedTrillianM65IncludedYes0.7YesYesYesYesYes
Google Argon 2020KeyTrustedTrillianM65IncludedYes0.7YesYesYesYesYes
Google Argon 2021KeyTrustedTrillianM65IncludedYes0.7YesYesYesYesYes
Google AviatorKeyTrustedTrillianM35FrozenYes0.1Yes<46466472<46466472YesYesFrozen due to MMD violation
Google CrucibleKeyTestingTrillianNoYes
Google DaedalusKeyExpiredTrillianYesYesYesYesYes
Google IcarusKeyTrustedTrillianM55IncludedYes0.3YesYesYesYesYesOnly accepts Let's Encrypt; paired with Skydiver
Google PilotKeyTrustedTrillianM35IncludedYes0.1YesYesYesYesYes
Google RocketeerKeyTrustedTrillianM43IncludedYes0.1YesYesYesYesYes
Google SkydiverKeyTrustedTrillianM55IncludedYes0.3YesYesYesYesYesDoes not accept Let's Encrypt; paired with Icarus
Google Solera 2018KeyTestingTrillianNoYes
Google Solera 2019KeyTestingTrillianNoYes
Google Solera 2020KeyTestingTrillianNoYes
Google Solera 2021KeyTestingTrillianNoYes
Google Solera 2022KeyTestingTrillianNoYes
Google SubmarinerKeyUntrustedTrillianYesYesYesYesYes
Google Test TubeKeyTestingTrillianNoYesNoYesYes
Google Xenon 2018KeyTrustedTrillianApplyingPendingYesYesYesYesYes
Google Xenon 2019KeyTrustedTrillianApplyingPendingYesYesYesYesYes
Google Xenon 2020KeyTrustedTrillianApplyingPendingYesYesYesYesYes
Google Xenon 2021KeyTrustedTrillianApplyingPendingYesYesYesYesYes
Google Xenon 2022KeyTrustedTrillianApplyingPendingYesYesYesYesYes
Let's Encrypt BirchTrustedYesNot publicly announced; not recommended for submission or monitoring
Let's Encrypt FauxTestingUsed for untrusted certificates from Let's Encrypt's test environment
Let's Encrypt OakTrustedYesNot publicly announced; not recommended for submission or monitoring
Let's Encrypt Spruce 2018TrustedNot publicly announced; not recommended for submission or monitoring
NORDUnet PlausibleKeyTrustedCatlfishNoYesYesYesYesTest log; also accessible over Tor at plausibe7ba4mlsu.onion
SHECAKeyTrustedSuperDuperRejectedYesYesYesYes
Sectigo DodoKeyUntrusted, TestingSuperDuper<6395988YesYesYesYesTest log; formerly Comodo
Sectigo MammothKeyTrustedSuperDuperM60IncludedYes0.6YesYesYesYesYesFormerly Comodo
Sectigo SabreKeyTrustedSuperDuperM60IncludedYes0.6YesYesYesYesYesFormerly Comodo
Venafi Gen2KeyTrustedSuperDuperM59IncludedYes0.5YesYesYesYesYes
WoTrusKeyTrustedApplyingYesYesYesYesYes
ctlog.keysupport.orgTrustedYesNot publicly announced; not recommended for submission or monitoring
Test StartCom/WoSign log, accidentally used for logging pre-certificates from StartCom's new PKI.
AkamaiKeyTrustedRejectedNo<324<324
CertlyKeyTrustedSuperDuperDisqualifiedDisqualified<1721095<1721095YesNo<1721095
GDCA 2KeyTrustedSuperDuperRejectedPendingYesYesYesYesYesLog server SSL certificate not trusted by NSS
GDCA 2 (Old Key)KeyTrusted<0
GDCA Old 2KeyTrustedSuperDuperRejected<1721<1721<1721YesLog server SSL certificate not trusted by NSS
IzenpeAKeyTrustedDisqualifiedDisqualified<163222<163222Yes<163222Test log used same key as production log
B<17906
Izenpe ArgiKeyTrustedRejected<4459<4460Yes<4494
Let's Encrypt ClickyKeyTrustedTrillianNo<27746475Yes<27746475Test log
NORDUnet FlimsyKeyCatlfishNoNoNo
PuChuangSiDa 1KeyTrustedDistrusted<17450.4 - 0.5<1745<1549<1745Will be totally distrusted in Chrome.
SHECA OldKeyTrustedRejectedNo<10<10Log server does not support HTTPS, therefore not compliant with RFC6962.
SSLWatcher.com AlphaKeyTrustedsslwatcherRejectedNoNoNo
StartComKeyTrustedSuperDuperDisqualifiedDisqualified<3593460.3 - 0.8<359366YesYesYesFrozen and disqualified due to failure to incorporate certificates.
SymantecKeyTrustedM45Included<94268030.1<9426803YesYesYes
Symantec DenebKeyTrusted<43310<43310YesYesWas used by Symantec to log redacted franken-certs
Symantec SiriusKeyTrustedM60Included<14039180.8<1403918YesYesYes
Symantec VegaKeyTrustedM50Included<16733000.1<1673300YesYesYes
VenafiAKeyTrustedDisqualifiedDisqualified0.1 - 0.3<99988Yes<99988Forked at STH 90155.
B<90161
WoSignKeyTrustedSuperDuperDisqualifiedDisqualified<92146050.3 - 0.8<9214615YesYesYesDisqualified due to failure to incorporate certificates.
WoSign 2KeyTrustedSuperDuperRejected<954<954<954
WoSign 3KeyTrustedSuperDuper<2<2<2Intended for redacted certificates, code signing certificates, and client certificates issued by WoSign. Not to be trusted by clients.
WoSign OldKeyTrustedRejectedNo<41861No<41861
WoTrus 3KeyTrusted<2<2YesYesIntended for redacted certificates, code signing certificates, and client certificates issued by WoSign. Not to be trusted by clients.
GoogleUnannounced Google Log
GoogleUnannounced Google Log
GoogleUnannounced Google Log
GoogleUnannounced Google Log
GoogleUnannounced Google Log
GoogleUnannounced Google Log
GoogleUnannounced Google Log

Log Status

Operational
The log is up and running normally.
Frozen
The log is up but is no longer accepting new entries or producing new STHs.
Dead
The log is no longer running.
Forked
The log has presented more than one view. Information about each branch is displayed in a separate row.

Log Scope

Trusted
The log is intended for WebPKI certificates trusted by TLS clients. (Note: although the log accepts trusted certificates, the log itself may be intended for testing - see comments.)
Untrusted
The log is intended for WebPKI certificates that are not presently trusted by TLS clients, but may be trusted in the future, or were trusted in the past.
Expired
The log is intended for expired WebPKI certificates.
Testing
The log is intended for untrusted WebPKI test certificates.
RPKI
The log is intended for RPKI certificates.

Log Software

Trillian (25)
Google's latest open source log implementation (Apache-2)
DigiCert-HP (10)
DigiCert's new high performance log implementation (Proprietary)
Trillian-CF (8)
Trillian, with Cloudflare patches (Proprietary)
SuperDuper (8)
Google's original open source log implementation (Apache-2)
DigiCert (2)
DigiCert's original log implementation (Proprietary)
Catlfish (1)
Experimental log implementation by NORDUNet (BSD)
Google (0)
Google's original closed source log implementation (Proprietary)
sslwatcher (0)
Defunct log implementation written in Ruby (GPLv3)

Chrome Status

Applying
The log is the process of applying for inclusion in Chrome.
Rejected
The log was rejected before it was included.
VERSION
The log has been included in Chrome since version VERSION.
Disqualified
The log was included in Chrome, but has been disqualified. Embedded SCTs issued before disqualification can generally still be used, subject to caveats as explained in the Chrome CT Policy. Other SCTs are treated the same as SCTs from unknown logs. See the linked bug report for details.
Distrusted
The log was included in Chrome, but has been distrusted. SCTs from this log are treated the same as SCTs from unknown logs. See the linked bug report for details.
-
Chrome does not know about this log.

Standalone Monitor Status

Yes
The log is monitored by this monitor software.
VERSION
The log has been monitored since version VERSION of this monitor software.
FIRST_VERSION - LAST_VERSION
The log was monitored from version FIRST_VERSION until version LAST_VERSION of this monitor software.
-
The monitor does not know about this log.

Monitor-as-a-Service Status

Yes
The log is monitored by this monitor service.
No
The monitor service knows about the log but does not monitor it.
<TREE_SIZE
The log was previously monitored by this monitor service up to TREE_SIZE entries.
-
The monitor does not know about this log.

sth-pollination Endpoints

Resources

CC0

To the extent possible under law, Opsmate, Inc. has waived all copyright and related or neighboring rights to this work. This work is published from the United States of America.

Generated from XML using XSLT.