在您决定是否将证书记录到 CT 日志前,请务必了解,在大部分情况下,将您的证书记录到公共 CT 日志中是正确的选择。
但是,我们知道您可能拥有您不想在 CT 日志中公开的内部域。这些域可以不记录在 CT 日志中。下面提供的一些信息可以帮助您做出正确的 CT 日志记录选择。
如果证书为公共网站提供保护,您始终应该将它记录在公共 CT 日志中。
如果证书为内部或专用网站提供保护,且您拥有因为品牌、隐私或网站安全原因而需要保密的组织名和域名,您可以选择不记录证书。
坏处是大部分浏览器要求记录 CT 日志(例如,Chrome、Safari 等),且任何连接您的网站的用户都将看到不受信任的警告。因此请务必确保:
DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.