Certificate Transparency (CT)

A public logging framework (RFC 6962) that requires all publicly trusted TLS certificates to be recorded in one or more append-only CT logs before browsers will accept them. Each log entry produces a Signed Certificate Timestamp (SCT) that browsers verify during the TLS handshake. CT enables domain owners, security researchers, and CAs to detect misissued or fraudulent certificates within hours. Google Chrome has required CT for all new certificates since 2018.