Certificate Transparency Ecosystem

Disclaimer: The information on this page is provided on an "as is" and "as available" basis with no guarantees of completeness, accuracy, usefulness, or timeliness. Opsmate, Inc. assumes no responsibility or liability for any errors or omissions in the information. To the fullest extent permitted under applicable law, Opsmate, Inc. disclaims all warranties of any kind, express or implied, with regard to the information, including, but not limited to, that the information will be provided uninterrupted, error-free, omission-free, or free of viruses or other harmful items.

Logs

NameAddressIDKeyScopeSoftwareTLS ClientsMonitorsComments
ChromeAppleSSLMateCert Spotterct-honeybeecrt.sh
CNNICKeyTrustedSuperDuperRetiredRetiredMonitoredMonitoredMonitored<51925
Cloudflare CirrusKeyRPKITrillian-CFKnownMonitored
Cloudflare Nimbus 2017KeyTrustedTrillian-CFRejected<20468368KnownMonitored<20468368
Cloudflare Nimbus 2018KeyTrustedTrillian-CFRejected<265514260MonitoredMonitored<265514260Only accepts certs expiring in 2018, but contains certs expiring before 2018. Served incorrect entries at 37070048, 37070049, and 37083753 (since corrected).
Cloudflare Nimbus 2019KeyTrustedTrillian-CFRejected<493395108MonitoredMonitored<493395108
Cloudflare Nimbus 2020KeyTrustedTrillian-CFRejectedUsableMonitoredMonitoredMonitoredMonitored
Cloudflare Nimbus 2021KeyTrustedTrillian-CFUsableUsableMonitoredMonitoredMonitoredMonitored
Cloudflare Nimbus 2022KeyTrustedTrillian-CFUsableUsableMonitoredMonitoredMonitoredMonitored
Cloudflare Nimbus 2023KeyTrustedTrillian-CFUsableUsableMonitoredMonitoredMonitoredMonitored
DigiCertKeyTrustedDigiCertUsableUsableMonitoredMonitoredMonitoredMonitored
DigiCert GolemTestingNot publicly announced; not recommended for submission or monitoring
DigiCert GorgonBIMIMonitored
DigiCert Nessie 2020KeyTrustedDigiCert-HPRejectedUsableMonitoredMonitoredMonitoredMonitored
DigiCert Nessie 2021KeyTrustedDigiCert-HPUsableUsableMonitoredMonitoredMonitoredMonitored
DigiCert Nessie 2022KeyTrustedDigiCert-HPUsableUsableMonitoredMonitoredMonitoredMonitored
DigiCert Nessie 2023KeyTrustedDigiCert-HPUsableUsableMonitoredMonitoredMonitoredMonitored
DigiCert Yeti 2020KeyTrustedDigiCert-HPRejectedUsableMonitoredMonitoredMonitoredMonitored
DigiCert Yeti 2021KeyTrustedDigiCert-HPUsableUsableMonitoredMonitoredMonitoredMonitored
DigiCert Yeti 2022KeyTrustedDigiCert-HPRetiredRetired<66530000MonitoredBit flip in leaf hash at entry 65562066. Last good STH is 65551225. Log has been frozen and will be retired.
DigiCert Yeti 2022 #2KeyTrustedDigiCert-HPPendingQualifiedMonitoredMonitoredMonitoredMonitored
DigiCert Yeti 2023KeyTrustedDigiCert-HPUsableUsableMonitoredMonitoredMonitoredMonitored
Google Argon 2017KeyTrustedTrillianRejectedUsableMonitoredMonitoredMonitored
Google Argon 2018KeyTrustedTrillianRejectedUsableMonitoredMonitoredMonitored
Google Argon 2019KeyTrustedTrillianRejectedUsableMonitoredMonitoredMonitored
Google Argon 2020KeyTrustedTrillianRejectedUsableMonitoredMonitoredMonitoredMonitored
Google Argon 2021KeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
Google Argon 2022KeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
Google Argon 2023KeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
Google AviatorKeyTrustedTrillian<46466472<46466472MonitoredMonitoredMonitored<46466472Frozen due to MMD violation
Google CrucibleKeyTestingTrillianKnownMonitored
Google DaedalusKeyExpiredTrillianMonitoredMonitoredMonitored
Google IcarusKeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitoredOnly accepts Let's Encrypt; paired with Skydiver
Google PilotKeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
Google RocketeerKeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
Google SkydiverKeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitoredDoes not accept Let's Encrypt; paired with Icarus
Google Solera 2018KeyTestingTrillianKnownMonitored
Google Solera 2019KeyTestingTrillianKnownMonitored
Google Solera 2020KeyTestingTrillianKnownMonitored
Google Solera 2021KeyTestingTrillianKnownMonitored
Google Solera 2022KeyTestingTrillianKnownMonitored
Google SubmarinerKeyUntrustedTrillianMonitoredMonitoredMonitored
Google Test TubeKeyTestingTrillianKnownMonitoredKnown
Google Xenon 2018KeyTrustedTrillianRejectedUsableMonitoredMonitoredMonitored
Google Xenon 2019KeyTrustedTrillianRejectedUsableMonitoredMonitoredMonitored
Google Xenon 2020KeyTrustedTrillianRejectedUsableMonitoredMonitoredMonitoredMonitored
Google Xenon 2021KeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
Google Xenon 2022KeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
Google Xenon 2023KeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
Let's Encrypt Oak 2021KeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
Let's Encrypt Oak 2022KeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
Let's Encrypt Oak 2023KeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
Let's Encrypt Testflume 2019KeyTrusted, TestingTrillianKnown
Let's Encrypt Testflume 2020KeyTrusted, TestingTrillianKnownMonitored
Let's Encrypt Testflume 2021KeyTrusted, TestingTrillianKnownMonitored
Let's Encrypt Testflume 2022KeyTrusted, TestingTrillianKnownMonitored
Let's Encrypt Testflume 2023KeyTrusted, TestingTrillianKnownMonitored
Sectigo DodoKeyUntrusted, TestingSuperDuper<6395988MonitoredMonitoredTest log; formerly Comodo
Sectigo MammothKeyTrustedSuperDuperUsableUsableMonitoredMonitoredMonitoredMonitoredFormerly Comodo
Sectigo SabreKeyTrustedSuperDuperUsableUsableMonitoredMonitoredMonitoredMonitoredFormerly Comodo
TrustAsia 2020KeyTrustedTrillianRejectedRejectedMonitoredMonitored<4321160Forked
TrustAsia 2021KeyTrustedTrillianRetiredRejectedMonitoredMonitoredMonitoredForked
TrustAsia 2022KeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
TrustAsia 2023KeyTrustedTrillianUsableUsableMonitoredMonitoredMonitoredMonitored
TrustAsia CT Log 1KeyTrustedTrillianRejectedMonitored
TrustAsia CT2021KeyTrustedTrillianQualifiedMonitoredMonitoredMonitoredMonitoredReplacement for TrustAsia 2021 log
WoTrusKeyTrustedRejected<5<5
360 CT Log 2020KeyTrustedTrillianRejected<60794<60794
360 CT Log 2021KeyTrustedTrillianRejected<97389<97389
360 CT Log 2022KeyTrustedTrillianRejected<97343<97344
360 CT Log 2023KeyTrustedTrillianRejected<357<357
360 CT Log v1 2020KeyTrustedTrillianRejected<1821
360 CT Log v1 2021KeyTrustedTrillianRejected<1819
360 CT Log v1 2022KeyTrustedTrillianRejected<1820
360 CT Log v1 2023KeyTrustedTrillianRejected<1823
AkamaiKeyTrustedRejectedKnown<324
Behind The SofaKeyTrustedTrillianKnown<4531208Filippo Valsorda's personal log, located behind his sofa. Accessible over IPv6 only.
CertlyKeyTrustedSuperDuperRetiredRetired<1721095<1721095
DigiCert 2KeyTrustedDigiCertRetiredRetired<90271162<90271162Log server compromised by Salt vulnerability. Log private key presumed compromised.
DigiCert Nessie 2018KeyTrustedDigiCert-HPRejectedRetired<102686882<102686882
DigiCert Nessie 2019KeyTrustedDigiCert-HPRejectedRetired<428788<428788
DigiCert Yeti 2018KeyTrustedDigiCert-HPRejectedRetired<90785920<90785920
DigiCert Yeti 2019KeyTrustedDigiCert-HPRejectedRetired<293281869<293281869
GDCA 1KeyTrustedSuperDuperRejectedRejected<42134<42134Log server SSL certificate not trusted by NSS
GDCA 2KeyTrustedSuperDuperRejectedRejected<40141<40141Log server SSL certificate not trusted by NSS
GDCA 2 (Old Key)KeyTrusted
GDCA Old 1KeyTrustedSuperDuperRejected<4329<4327Log server SSL certificate not trusted by NSS
GDCA Old 2KeyTrustedSuperDuperRejected<1721<1721Log server SSL certificate not trusted by NSS
IzenpeAKeyTrustedRetiredRetired<163222<163222Test log used same key as production log
B
Izenpe ArgiKeyTrustedRejected<4459<4460
Let's Encrypt BirchTrustedNot publicly announced; not recommended for submission or monitoring
Let's Encrypt ClickyKeyTrustedTrillianKnown<27746475Test log
Let's Encrypt FauxTestingUsed for untrusted certificates from Let's Encrypt's test environment
Let's Encrypt Oak (Old)TrustedNot publicly announced; not recommended for submission or monitoring
Let's Encrypt Oak 2019KeyTrustedTrillianRejectedUsable<559850441<559850441
Let's Encrypt Oak 2020KeyTrustedTrillianRejectedUsable<566652310<566652310
Let's Encrypt Spruce 2018TrustedNot publicly announced; not recommended for submission or monitoring
NORDUnet FlimsyKeyCatlfishKnownKnown
NORDUnet PlausibleKeyTrusted, TestingCatlfishKnown<6258493Test log; also accessible over Tor at plausibe7ba4mlsu.onion
PuChuangSiDa 1KeyTrustedRejectedRejected<1745<1745Log operator disappeared into thin air.
SHECAKeyTrustedSuperDuperRejected<4<4
SHECA OldKeyTrustedRejectedKnown<10Log server does not support HTTPS, therefore not compliant with RFC6962.
SSLWatcher.com AlphaKeyTrustedsslwatcherRejectedKnownKnown
StartComKeyTrustedSuperDuperRetiredRetired<359346<359366Frozen and disqualified due to failure to incorporate certificates.
SymantecKeyTrustedRetiredRetired<9426803<9426803
Symantec DenebKeyTrusted<43310<43310Was used by Symantec to log redacted franken-certs
Symantec SiriusKeyTrustedRetiredRetired<1403918<1403918
Symantec VegaKeyTrustedRetiredRetired<1673300<1673300
VenafiAKeyTrustedRetiredRetired<99988Forked at STH 90155.
B<90161
Venafi Gen2KeyTrustedSuperDuperRejectedRetired<111554066<111554066
WoSignKeyTrustedSuperDuperRetiredRetired<9214605<9214615Disqualified due to failure to incorporate certificates.
WoSign 2KeyTrustedSuperDuperRejected<954<954
WoSign 3KeyTrustedSuperDuper<2<2Intended for redacted certificates, code signing certificates, and client certificates issued by WoSign. Not to be trusted by clients.
WoSign OldKeyTrustedRejectedKnown<41861
WoTrus 3KeyTrusted<2<2Intended for redacted certificates, code signing certificates, and client certificates issued by WoSign. Not to be trusted by clients.
ctlog.keysupport.orgTrustedNot publicly announced; not recommended for submission or monitoring
GoogleUnannounced Google Log
GoogleUnannounced Google Log
GoogleUnannounced Google Log
GoogleUnannounced Google Log
GoogleUnannounced Google Log
GoogleUnannounced Google Log
GoogleUnannounced Google Log
Test StartCom/WoSign log, accidentally used for logging pre-certificates from StartCom's new PKI.

Log Status

Operational
The log is up and running normally.
Frozen
The log is up but is no longer accepting new entries or producing new STHs.
Dead
The log is no longer running.
Forked
The log has presented more than one view. Information about each branch is displayed in a separate row.

Log Scope

Trusted
The log is intended for WebPKI certificates trusted by TLS clients. (Note: although the log accepts trusted certificates, the log itself may be intended for testing - see comments.)
Untrusted
The log is intended for WebPKI certificates that are not presently trusted by TLS clients, but may be trusted in the future, or were trusted in the past.
Expired
The log is intended for expired WebPKI certificates.
Testing
The log is intended for untrusted WebPKI test certificates.
RPKI
The log is intended for RPKI certificates.
BIMI
The log is intended for BIMI certificates.

Log Software

Trillian (41)
Google's latest open source log implementation (Apache-2)
DigiCert-HP (9)
DigiCert's new high performance log implementation (Proprietary)
Trillian-CF (8)
Trillian, with Cloudflare patches (Proprietary)
SuperDuper (4)
Google's original open source log implementation (Apache-2)
DigiCert (1)
DigiCert's original log implementation (Proprietary)
Google (0)
Google's original closed source log implementation (Proprietary)
Catlfish (0)
Experimental log implementation by NORDUNet (BSD)
sslwatcher (0)
Defunct log implementation written in Ruby (GPLv3)

TLS Client Status

Pending
The log is applying for inclusion.
Qualified
The log has qualified for inclusion but is not yet usable by CAs and TLS server operators because some clients may still be using an out-of-date log list and won't recognize SCTs from the log.
Usable
The log is included in the client and can be used by CAs and TLS server operators. All SCTs from the log will be recognized by clients.
<TREE_SIZE
The log became read-only at the given tree size. SCTs previously issued by the log can still be used, but CAs and TLS server operators cannot submit new certificates to the log.
Retired
(Formerly disqualified.) The log was included, but has been retired. Embedded SCTs issued before retirement can generally still be used, subject to caveats as explained in the Chrome CT Policy. Other SCTs are treated the same as SCTs from unusable logs. CAs and TLS server operators should no longer submit certificates to the log.
Rejected
The log was rejected before it was included, or was included and then removed. The client will not recognize SCTs from the log.

Monitor Status

Monitored
The log is monitored by this monitor service.
Known
The monitor service knows about the log but does not monitor it.
<TREE_SIZE
The log was previously monitored by this monitor service up to TREE_SIZE entries.

sth-pollination Endpoints

Resources

CC0

To the extent possible under law, Opsmate, Inc. has waived all copyright and related or neighboring rights to this work. This work is published from the United States of America.

Generated from XML using XSLT.