No CT logs for 281162.tcplusondemand.com?

user21380 · January 28, 2022, 9:06pm

My company is having issues with an SSO implementation for 281162.tcplusondemand.com and I noticed there is no CT log for this leaf certificate, only the related precertificates and I am speculating that this is causing an issue somewhere along the line. I found this issue because I wanted to look at CT information for this cert and also noticed that the server sends the Expect-CT header.

Apologies if I am missing something or not understanding this correctly. Maybe I am not searching correctly.

michael · January 28, 2022, 10:42pm

At this point the Expect-CT header is really only useful for reporting purposes, as all browsers now check for CT. As the certificate as valid SCTs embedded, any browser validation will succeed.

Do you have more detail on the issue?

user21380 · January 30, 2022, 3:02pm

After looking into it further, I realized that every Cloudflare SSL certificate is like this where only the precertificates can be found in CT logs so I decided that is probably not the issue with this SSO implementation.

The services where I’m seeing this behavior are Certificate Transparency Search API by SSLMate

and crt.sh

system · February 14, 2022, 3:03pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Report-ct header? Website, Application, Performance dash-ssl-tls	2	16156	July 18, 2018
Deprecated - Expect-CT header Website, Application, Performance	1	4072	March 19, 2023
Cloudflare injecting Expect-CT Website, Application, Performance	2	1103	August 25, 2023
The Expect-CT option is obsolete and will be removed Security	4	6106	November 29, 2022
Unknown certificates issued for my domain by Cloudflare Security	4	151	June 5, 2024

No CT logs for 281162.tcplusondemand.com?

Related topics