0

How would a CA submit a certificate to Certificate Transparency logs? Preferably Google's Pilot or Rocketeer CT.

Would one submit via an API, SDK, library? If submitting should it be a render of a certificate (without log extensions) or the final certificate?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Nathanna
  • 25
  • 6

1 Answers1

2

The operation of Certificate Transparency is specified in RFC 6962 and the submission method is specified in sections 4.1 and 4.2. A shortened version:

4.1. Add Chain to Log

POST https://<log server>/ct/v1/add-chain

4.2. Add PreCertChain to Log

POST https://<log server>/ct/v1/add-pre-chain

The format for the POST requests is specified in the beginning of section 4:

Messages are sent as HTTPS GET or POST requests. Parameters for POSTs and all responses are encoded as JavaScript Object Notation (JSON) objects [RFC4627].

Community
  • 1
Esa Jokinen
  • 16,100
  • 5
  • 50
  • 55
  • Hi Esa. Could you provide an example of how the data would look in JSON format? I know what JSON is, I'm just wondering the specifcation of which fields are needed... is their a CSR or a CRT? - Thanks for your answer.' – Nathanna Nov 08 '20 at 07:44
  • 1
    You could first read through the RFC 6962. The section 3 has structures for the messages, and JSON is the input format. – Esa Jokinen Nov 08 '20 at 07:53
  • Did you find the answer to this @Nathanna? Trying to work this out myself. – decodebytes Mar 12 '21 at 21:31