Symantec Expands Support for Certificate Transparency
Symantec is pleased to extend support for Certificate Transparency (CT) for our Organization Validation (OV) products, a key certificate management capability for all SSL/TLS certificate types and customer channels. This is just the next step in empowering organizations with the ability to detect and mitigate security concerns for domains they own.
By enabling this key certificate management capability, organizations will get a comprehensive view of what active certificates exist for each of their domains. Such transparency lets them effectively manage all active certificates and quickly respond to threats.
Today, Symantec is one of the few Certificate Authorities to operate its own Certificate Transparency log server and will soon have a second one available. To encourage Certificate Transparency and offer a cost-effective option to the CA ecosystem, Symantec now allows third party Certification Authorities to log their certificates on its servers as well.
While Symantec is strongly advocating for CT, strong certificate management comes in three parts: Prevention, Detection, and Response. All Symantec SSL/TLS certificates come with the following:
Customers have the ability to specify and control which Certification Authorities are permitted to issue certificates for their domains through the industry-recognized Certification Authority Authorization CAA specification.
Symantec introduced support for CAA across all products in mid-2015 and is championing making this an industry requirement for all Certification Authorities.
Certification Authorities are increasingly recording certificates to public Certificate Transparency log servers which allow customers to monitor what certificates have been issued for their domains.
Symantec is extending its support for Certificate Transparency to all of its certificates by default and is championing making this an industry requirement for all Certification Authorities.
|Platform||Extended Validation Certificates||Organization Validation Certificates||Domain Validation Certificates|
|Symantec Complete Website Security & Managed PKI for SSL||Available||Available||Not Applicable|
|Symantec Trust Center||Available||Available||Not Applicable|
|Thawte Certificate Center||Available||Available||Available|
|GeoTrust Security Center||Available||Available||Available|
|Rapid SSL||Not Applicable||Not Applicable||Available|
|Symantec Japan SSL||Available||Available||Available|
Customers can revoke problem certificates and have that information published immediately through the industry standard Online Certificate Status Protocol (OCSP).
Symantec offers global, high performance OCSP services, processing on average 13 Billion certificate checks every day. In Fall-2015, Symantec expanded its OCSP service to include IPv6 support.