1.3.2.3 Certificate Transparency

Per [RFC6962], Certificate Transparency is a scheme that allows digital certificates to be issued in a manner that is monitorable and auditable by a compliant operator. Issued certificates are added to publicly available logs either before or after certificate issuance, and these logs can be called on by any application for proof of inclusion.

Any digital certificate issued by Windows Server v1803 operating system<2> can be trivially submitted to a Certificate Transparency Log.

In addition, Windows Server v1803 supports the submission of digital certificates to Certificate Transparency Logs prior to issuance via signed precertificates, as defined in [RFC6962]. For processing rules, see sections 3.1.1.4.3.5 and 3.2.1.4.2.1.4.3.