我们理解您可能要将特定的公共 SSL/TLS 证书排除在 CT 日志记录外。但是,在您开始将证书从 CT 日志记录中排除前,请务必了解不记录 SSL/TLS 证书的后果。
带有 CT 要求策略的浏览器将在带有无日志记录的 SSL/TLS 证书的网站上显示不受信任的警告或安全性低指示符。
Google Chrome 是第一个在具有 2018 年 4 月 1 日以后颁发的无日志记录的证书的网站上显示警告的浏览器。请参阅扩展到所有证书类型的 Google CT。
其他浏览器已经开始追随该做法。Apple 在具有 2018 年 10 月 15 日以后颁发的无日志记录的证书的网站上显示警告。请参阅 Apple 公布证书透明度要求。
要删除来自无日志记录的证书的此不受信任警告,必须执行以下操作:
DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.