Before you decide whether to log a certificate to CT logs, it is important to understand that in the vast majority of situations, logging your certificates in public CT logs is the correct option.
However, we know that you may have internal domains you don’t want made public in CT logs. These domains can be excluded from CT logs. Below is some information to help you make the right CT logging choice.
If the certificate is protecting a public website, you should always log it in public CT logs.
If the certificate is protecting an internal or private site and you have organization and domain names that need to be kept private for branding, privacy, or network security reasons, you can choose not to log the certificate.
The downside is that most browsers have CT logging requirements (e.g., Chrome, Safari, etc.) and anyone connecting to your site will see an untrusted warning. So, make sure you:
DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.