Security Vulnerabilities Guide

Understanding and fixing common web security vulnerabilities detected by VitaPulse

Medium
Missing Certificate Transparency

Your SSL certificate does not include Certificate Transparency (CT) information, making it harder to detect misissued certificates.

Risk

Without Certificate Transparency, a rogue or compromised Certificate Authority could issue a fraudulent certificate for your domain without detection. CT logs provide public accountability: anyone can monitor them to detect unauthorized certificates. Chrome has required CT for all publicly trusted certificates since April 2018.

Solution

Ensure your Certificate Authority includes an SCT (Signed Certificate Timestamp) in your certificate. Most modern CAs do this automatically. If yours does not, switch to a CA that supports CT (Let's Encrypt, DigiCert, etc.).

Example
Verify CT: openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | openssl x509 -noout -text | grep -A2 'CT Precertificate'
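
How the embedded SCT list that the Solution asks for is laid out inside the certificate, as an added Python example that is not VitaPulse's code: it walks the DER structure to the RFC 6962 extension and lists each SCT's log ID and timestamp. The function names and the constructed_cert sample (a skeleton, not a real certificate) are assumptions made for this example.

```python
from datetime import datetime, timezone

SCT_LIST_OID = bytes.fromhex("2b06010401d679020402")  # 1.3.6.1.4.1.11129.2.4.2 (RFC 6962)

def children(buf, pos, end):
    """Yield (tag, value_start, value_end) for each DER element in buf[pos:end]."""
    while pos < end:
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        if pos + n > end:
            raise ValueError("truncated DER")
        yield tag, pos, pos + n
        pos += n

def parse_sct_list(data):
    """TLS encoding: 2-byte total length, then each SCT behind its own 2-byte length."""
    out, pos, end = [], 2, 2 + int.from_bytes(data[:2], "big")
    while pos < end:
        n = int.from_bytes(data[pos:pos + 2], "big")
        sct = data[pos + 2:pos + 2 + n]  # version(1) | log_id(32) | timestamp_ms(8) | ...
        ms = int.from_bytes(sct[33:41], "big")
        out.append((sct[1:33].hex(), datetime.fromtimestamp(ms / 1000, timezone.utc)))
        pos += 2 + n
    return out

def embedded_scts(cert):
    """Return [(log_id_hex, utc_timestamp)] for the SCTs embedded in a DER certificate."""
    _, cs, ce = next(children(cert, 0, len(cert)))        # Certificate
    _, ts, te = next(children(cert, cs, ce))              # tbsCertificate
    for tag, vs, ve in children(cert, ts, te):
        if tag == 0xA3:                                   # [3] extensions
            _, es, ee = next(children(cert, vs, ve))      # SEQUENCE OF Extension
            for _, xs, xe in children(cert, es, ee):
                parts = list(children(cert, xs, xe))      # extnID, [critical], extnValue
                if cert[parts[0][1]:parts[0][2]] == SCT_LIST_OID:
                    _, ls, le = next(children(cert, parts[-1][1], parts[-1][2]))
                    return parse_sct_list(cert[ls:le])
    return []

def constructed_cert(n_scts):  # skeleton built for this example, not a real certificate
    der = lambda tag, b: bytes([tag]) + bytes([len(b)] if len(b) < 128 else [0x81, len(b)]) + b
    pre = lambda b: len(b).to_bytes(2, "big") + b  # TLS-style 2-byte length prefix
    sct = lambda i: b"\x00" + bytes([0xA0 + i]) * 32 + (1700000000000).to_bytes(8, "big") + bytes(6)
    exts = der(0x30, der(0x06, bytes.fromhex("551d13")) + der(0x04, der(0x30, b"")))  # basicConstraints
    if n_scts:
        sct_list = pre(b"".join(pre(sct(i)) for i in range(n_scts)))
        exts += der(0x30, der(0x06, SCT_LIST_OID) + der(0x04, der(0x04, sct_list)))
    return der(0x30, der(0x30, der(0x02, b"\x01") + der(0xA3, der(0x30, exts))))
```

To check a live host, pass ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443))) to embedded_scts. An empty result only means no SCTs are embedded in the certificate; RFC 6962 also allows SCTs to be delivered through a TLS extension or a stapled OCSP response.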