Enable the CT Log Exclusion Feature for Your Account

Use these instructions to activate a feature that allows users to keep SSL/TLS certificates out of public CT logs when ordering certificates (new, reissues, and renewals).

  1. In your CertCentral account, in the sidebar menu, click Settings > Preferences.

  2. On the Division Preferences page, scroll down and click +Advanced Settings.

  3. In the Certificate Request section, under CT Logging, check Allow users to change CT logging per request.

Before you save your changes, make sure you understand the consequences of keeping certificates out of the CT logs.

  1. Click Save Settings.

  2. Congratulations! When ordering a certificate (new, reissue, and renewal orders), account users will see an option under Additional Certificate Options that allows them to keep an SSL/TLS certificate out of public CT logs.

Make sure those who can order certificates understand the consequences of keeping certificates out of the CT logs.

  1. In addition, before someone approves an SSL/TLS certificate request, they can see (and make the final decision on) whether the certificate will be logged to CT logs.

    1. Logged to CT Logs
    2. Not Logged to CT Logs