Back to Glossary

Glossary Term

Certificate Transparency (CT) Logs

Public append-only ledgers that reveal every SSL/TLS certificate issued for monitored domains.

1 min read

Share this definition

Post it to your feed or send it to teammates.

What it is

Certificate Transparency (CT) Logs are publicly auditable, append-only records where certificate authorities publish each SSL/TLS certificate they issue. Security teams, researchers, or attackers can monitor these logs to spot new certificates for a domain or subdomain almost immediately.

Why it matters

Rogue or unexpected certificates often signal domain compromise, subdomain takeovers, mistakes in automated issuance, or abuse by a malicious/compromised certificate authority. Spotting these events early prevents phishing, impersonation, and encrypted man-in-the-middle attacks.

How to reduce risk

  • Monitor CT logs for certificates referencing your domains or subdomains.
  • Revoke any unauthorized certificates and rotate affected keys quickly.
  • Publish CAA DNS records to restrict which CAs can issue on your behalf.
  • Automate alerting so new certificates trigger reviews and validation.