Wiki

Home

API Help
- Access and Authentication
- Request Parameter Data Types
- Response formats
- Login API
- Get current IP address
- Get account balance
- DNS hosting
- Domain names
- Sub users
- Monitoring
- SSL
- Open source libs
- Scripts
Getting Started
Domain names
- Register New Domain
- Transfer your domain
- Renew your domain
- Domain Management
- Specific Rules for Glue Records
- Glue Records in .be
- Information for Registrants
- Privacy Protection
DNS Zones
- Master DNS Zone
- Secondary (Backup) DNS Zone
- Free Zone
- Master/Slave Reverse Zone
- Cloud Domains
- Primary/Secondary ENUM Zones
- Parked Zone
- Slave DNS with Hidden master
- DNS zones and how do they count
- Disable/enable DNS zones
DNS Records
- SOA Record
- A Record
- AAAA Record
- MX Record
- CNAME Record
- TXT Record
  - DKIM Record
  - DMARC Record
  - SPF/TXT Duplication
- SPF Record
- NS Record
- SRV Record
- DS Record
- Web Redirect Record
- Web Redirect with SSL
- ALIAS Record
- RP Record
- SSHFP Record
- PTR Record
- NAPTR Record
- CAA record
- TLSA Record
- CERT record
- OPENPGPKEY record
- HINFO record
- SMIMEA record
- DNAME record
- LOC record
- Wildcard DNS Record
- What is TTL?
- Records templates
  - Mail Forwards
  - Gmail
  - Heroku
  - Heroku SSL
  - Zoho
  - Tumblr
  - Blogger
  - GitHub
  - Microsoft Azure
  - Weebly
  - Amazon Web Services
  - Google Sites
  - Google Calendar
  - Google Docs
  - Google Talk
  - WordPress
  - SupaDupa
  - Bitbucket
  - Divshot
  - Aldryn
  - Instapage
  - Enjin
  - Fastly
  - Format
  - atmail
  - FastMail
  - KickoffLabs
  - launchrock
  - Mailgun
  - paperplane.io
  - Tender Support
  - Squarespace
  - SimplyBuilt
  - Shopify
  - Pobox
  - Ghost
  - Office 365
  - Yandex
  - Minecraft
  - Mail.Ru
  - MailChimp
  - ImprovMX
  - Rackspace Email
  - TeamSpeak
- Round-Robin DNS
- Records deactivation/activation
Dynamic DNS
- Getting Started with Dynamic DNS
- Dynamic DNS scripts for Linux
- Dynamic DNS scripts
- Dynamic DNS for *NIX
- Dynamic DNS for macOS
- Dynamic DNS script for macOS
- Dynamic DNS for Windows
- Dynamic DNS script for Windows
- Dynamic DNS script for Windows with PowerShell
- DynDNS with multiple interfaces
- Dynamic DNS for Synology
- Dynamic DNS with pfSense
- Dynamic DNS with OPNsense
- Dynamic DNS for MikroTik
- Dynamic DNS for Android
- Dynamic DNS with DD-WRT
- Dynamic DNS with FreeNAS
- Dynamic DNS for Generic Router
- Dynamic DNS Notifications
GeoDNS
- Block visitors by country
DNS Failover
- ICMP Ping
Monitoring
- ICMP Ping
- Web monitoring
- TCP monitoring
- UDP monitoring
- DNS monitoring
- Heartbeat Monitoring
- Firewall monitoring
- SSL/TLS Monitoring
- SMTP monitoring
- Streaming monitoring
- Notifications
Failover & Monitoring nodes
DNSSEC
- Activating DNSSEC with GoDaddy
- Activating DNSSEC with OVH
Mail Forwards
- Mail Forwards for external zones
- Greylisting
Reseller's panel
- Reseller Panel Customization and Settings
- Reseller Panel API
  - JSON
    - Login
  - SSO
    - Direct Login
    - SSO Session Login
SSL certificate
- How to order SSL certificate
- Generate CSR on Windows
- Generate CSR on Linux
- Generate CSR on cPanel
- Install SSL on Apache
- Install SSL on NGINX
- Install SSL on IIS 7
- Install SSL in WHM/cPanel
- How to renew SSL certificate
- acme.sh client fo Let's Encrypt, ZeroSSL and others
- Let's Encrypt SSL certificates with Certbot
- Issuing a certificate with Cert-Manager
- SSL in VMware Horizon View 7
- How to reissue SSL certificate
- Change verification mail of SSL
- Certificate Transparency
- ACME with OPNsense
- ACME with Home Assistant
- ACME with Proxmox
WHMCS
- Change log
- How to upgrade
- Registered domains mode
- Translation
Products and Services
- Google Workspace
- Dedicated IPs
- Our services
- Legitimate Domains Associated with ClouDNS
- Free Migration to ClouDNS
- Public Status Pages
Features
- Auto-Renewal
- Zone shares
- DNS Branding
- Groups
- Free SSL
Profile
- Account Balance
- Subscriptions
- Two-Factor Authentication
- Default SOA settings
- Change your e-mail
- Email Notifications
- SAML Integrations
Misc
- Change ownership of a DNS Zone
- How to delegate a sub-domain
- Slave DNS with PowerDNS
- Not sending out Glue Records
- Custom domain in Blogger
- Issues with nslookup
- Authoritative vs Resolving DNS
- Missing nameservers
- What is a DNS query?
- Changing name servers by plan
- Unknown AXFR requests
Commands
- 10 DNS questions solved with DIG
- 10 DNS questions for nslookup

Certificate Transparency

What is Certificate Transparency

Google’s Certificate Transparency (CT) project is an initiative to improve the security of the SSL/TLS certificate system. It introduces a publicly auditable log of SSL certificates to help detect and mitigate the impact of misissued, rogue, or malicious certificates as early as possible. By enabling transparency in certificate issuance, CT helps ensure that problems can be identified and corrected promptly.

Modern cryptography allows browsers to detect forged or fake SSL certificates. However, cryptographic checks alone are not sufficient when a valid certificate is issued mistakenly or when a certificate authority (CA) is compromised or acts maliciously. In such cases, the browser may still trust the certificate, misleading users into thinking they are securely connected to a legitimate website.

Purpose and Usage

Certificate Transparency aims to address these issues by making SSL/TLS certificate issuance visible and verifiable by domain owners, CAs, and the general public. It has three main goals:

Prevent undetected misissuance: Make it extremely difficult for a CA to issue a certificate for a domain without the domain owner's knowledge.
Enable monitoring and auditing: Provide tools and infrastructure for domain owners and CAs to audit and monitor certificate logs to detect misissued or unauthorized certificates.
Protect end users: Help prevent users from being misled by certificates that appear valid but were mistakenly or maliciously issued.

Key Components of Certificate Transparency

The system relies on three main components:

Certificate Logs: Public, append-only logs where CAs submit the certificates they issue. These logs are cryptographically verifiable and provide a tamper-proof history.
Monitors: Entities that watch the logs for suspicious or unexpected certificates related to specific domains, helping detect misissuance.
Auditors: Components (often part of browsers) that verify the integrity of logs and ensure that the data they provide hasn’t been tampered with.

ClouDNS and Certificate Transparency

Certificate Transparency is supported for all certificates issued by Sectigo. You can use the online tool by Sectigo located at this URL in order to check your SSL certificates.

Last modified: 2025-04-09