by InvaderFizz
1505 days ago
This is going to be a very annoying thing for us, if true. Our April 2020 issued cert expires in July, and we were on track to roll out a new cert in two weeks. This means we get to push up the timetable and do an out-of-sequence patch roll to address this in over 100 environments. Fun night ahead.

The weird part is, if you click on the error in Chrome, it displays the Cert Details, including this wonderful gem:

Certificate Transparency:
SCT Google 'Pilot' log (Embedded in certificate, Verified)
SCT Google 'Rocketeer' log (Embedded in certificate, Verified)
SCT DigiCert Log Server (Embedded in certificate, Verified)

Pilot and Rocketeer were just shut down; however, I'm surprised this had any impact because the above post says:
> If you are delivering SCTs embedded in the certificate, this should require no action on your part. All previously-issued certificates containing SCTs from these logs that complied with the Chrome CT Policy will continue to do so.
Edit: Ah, but if /all/ the logs are retired, it's no longer valid. So if you have two retired Google logs + a DigiCert log that's presumably also retired, the SCTs are no longer acceptable.