Skip to main content

Enable the CT log exclusion feature on your account

Use these instructions to activate a feature that allows users to keep TLS/SSL certificates out of public CT logs when ordering certificates (new, reissues, and renewals).

  1. In your CertCentral account, in the sidebar menu, select Settings > Preferences.

  2. On the Division Preferences page, scroll down and select +Advanced Settings.

  3. In the Certificate Request section, under CT Logging, check Allow users to change CT logging per request.

    Note

    Before you save your changes, make sure you understand the consequences of keeping certificates out of the CT logs.

  4. Select Save Settings.

  5. Congratulations! When ordering a certificate (new, reissue, and renewal orders), account users will see an option under Additional Certificate Options that allows them to keep a TLS/SSL certificate out of public CT logs.

    Note

    Make sure those who can order certificates understand the consequences of keeping certificates out of the CT logs.

  6. In addition, before someone approves a TLS/SSL certificate request, they can see (and make the final decision on) whether the certificate will be logged to CT logs.

In this section: