Certificate Transparency Notification for Cloudflare created certificate

Hi there.

I received a “Certificate Transparency Notification” today for one of our domains and the issuer was not one that I expected.

It took a little time to work out that it was a “backup certificate” that Cloudflare had requested on our behalf.

Perhaps the “Certificate Transparency Notification” email could be enhanced to note when “Cloudflare has observed issuance of the following certificate for [domain name] or one of its subdomains” which was done at Cloudflare’s request?

That would save me running around trying to figure out who had requested a certificate from Google Trust Services LLC when they’re not one of the CAs we use.

Hi there,

That is understandably frustrating, but note that CT is still in beta state, and in the documentation it’s explained that backup certificate issuing triggers CT:

CT Monitoring alerts are triggered not only by Cloudflare processes - including backup certificates -, but whenever a certificate that covers your monitored domain is issued by a Certificate Authority (CA) and added to a public CT log.

Take care.

Hello
Thank you for your response and explanation.

Documentation? Who reads the documentation? :rofl:

I didn’t know that CT was still in beta but that’s great news because it means your developers have the opportunity to take my suggestion into account before releasing the service in its final form.

1 Like