We understand that you may want to keep specific public SSL/TLS certificates out of the CT logs. However, before you begin excluding certificates from the CT logs, make sure you understand the consequences of unlogged SSL/TLS certificates.
Browsers with CT requirement policies will show an untrusted warning or a reduced security indicator on sites with unlogged SSL/TLS certificates.
Google Chrome was the first browser to show warnings on sites with unlogged certificates issued after April 1, 2018. See Google CT to Expand to All Certificates Types.
Other browsers have begun to follow suit. Apple will show warning on sites with unlogged certificates issued after October 15, 2018. See Apple Announces Certificate Transparency Requirement.
To remove this untrusted warning from an unlogged certificate, you must do the following:
DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.