https://github.com/letsencrypt/ct-log-metadata

Metadata regarding Let's Encrypt's Certificate Transparency Logs
https://github.com/letsencrypt/ct-log-metadata

Last synced: 10 months ago
JSON representation

Metadata regarding Let's Encrypt's Certificate Transparency Logs

Host: GitHub
URL: https://github.com/letsencrypt/ct-log-metadata
Owner: letsencrypt
Created: 2022-06-02T23:28:57.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2024-10-22T02:18:30.000Z (over 1 year ago)
Last Synced: 2025-03-28T03:51:13.266Z (11 months ago)
Language: Python
Size: 1.74 MB
Stars: 9
Watchers: 8
Forks: 8
Open Issues: 4
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Let's Encrypt Certificate Transparency Logs

This repository contains all Root Certificate Authorities from whom [Let's Encrypt's Certificate Transparency Logs](https://letsencrypt.org/docs/ct-logs/) accept leaf certificates.

Let's Encrypt operates two publicly-accessible [Certificate Transparency](https://www.certificate-transparency.org/what-is-ct) logs:
* **Oak**
* **Sapling**

## Oak

Oak is a production log, containing only certificates which are trusted by the [Mozilla Root Program](https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/).

## Sapling

Sapling is a preproduction log, intended for certificates which are not publicly trusted, but which are issued by Certificate Authorities who either issue or are expected to issue publicly trusted certificates. In other words, Sapling is used by trusted Certificate Authorities in their testing infrastructures.

## Testflume

[Testflume no longer exists](https://groups.google.com/a/chromium.org/g/ct-policy/c/CLBlt5rSsAk) and has been replaced by the Sapling test log.

## ct-test-srv

The [Boulder](https://github.com/letsencrypt/boulder/tree/main/test/ct-test-srv) codebase contains a piece of software named `ct-test-srv` which implements RFC6962 `add-chain` and `add-pre-chain` endpoints. This software is sufficient for development and other testing environments. It does not persist data.

# Submitting a CA root for inclusion

Create a [New Issue](https://github.com/letsencrypt/ct-log-metadata/issues/new/choose) and fill out the provided template. All communication will be performed via responses to your Github Issue. Upon approval, Let's Encrypt staff will create a Pull Request to include your certificates and update our Certificate Transparency logs.

# What roots does a log contain?

Calling the `get-roots` endpoint for a [Trillian](https://github.com/google/trillian) backed log will return a JSON structure containing each root as base64 encoded DER.

Example retrieving all the roots from a CT log and viewing certificate content:
```
counter=1
for root in $(curl -sL https://oak.ct.letsencrypt.org/2023/ct/v1/get-roots | jq -r '.certificates[]'); do
echo -n "${root}" | base64 -d > /tmp/${counter}.crt
counter=$((counter+1))
done

openssl x509 -inform DER -in /tmp/${counter}.crt -noout -issuer -serial
```

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/letsencrypt/ct-log-metadata

Awesome Lists containing this project

README