Apple's Certificate Transparency policy
Learn how to comply with Apple's Certificate Transparency policy.
Publicly trusted Transport Layer Security (TLS) server authentication certificates must meet Apple's Certificate Transparency (CT) policy to be evaluated as trusted on Apple platforms.
Certificates that fail to comply with our policy will result in a failed TLS connection, which can break an app’s connection to Internet services or Safari’s ability to seamlessly connect.
Policy requirements
Apple's policy requires at least two Signed Certificate Timestamps (SCTs) issued from a CT log — once-approved¹ or currently approved¹ at the time of check — and either:
- At least two SCTs from currently approved CT logs with one SCT presented via TLS extension or OCSP Stapling; or
- At least one embedded SCT from a currently approved log and at least the number of SCTs from once or currently approved logs, based on validity period as detailed in the table below.
At least one SCT must be issued from a log compliant with RFC 6962.
The number of embedded SCTs required is based on certificate lifetime²:
Certificate lifetime | # of SCTs from distinct logs | Maximum # of SCTs per log operator which count towards the SCT requirement |
---|---|---|
180 days or less | 2 | 1 |
181 to 398 days | 3 | 2 |
CT logs
Download the current CT Log list and CT Log list schema in JSON format.
¹ For CT log status definitions, please refer to Apple’s Certificate Transparency log program: https://support.apple.com/103703
² A certificate's validity period (or lifetime) is defined in line with RFC 5280, Section 4.1.2.5, as "the period of time from notBefore through notAfter, inclusive." Validity period is measured with a day being equal to 86,400 seconds. Any time greater than this indicates an additional day of validity.
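
The requirements and the lifetime rule above, written out as an added example (not Apple's code): a Python evaluator a certificate operator could run before deployment. The SCT field names, the status labels 'current', 'once' and 'other', the sct() helper, and treating a lifetime beyond the table as failing the embedded option are assumptions of this example.

```python
import math
from collections import Counter
from datetime import datetime, timedelta, timezone

# (max lifetime in days, SCTs from distinct logs, max counted per log operator)
TABLE = [(180, 2, 1), (398, 3, 2)]

def lifetime_days(not_before, not_after):
    """notBefore through notAfter inclusive; a day is 86,400 seconds and any
    time beyond a whole number of days counts as an additional day."""
    seconds = int((not_after - not_before).total_seconds()) + 1
    return math.ceil(seconds / 86400)

def sct(log, operator, status="current", delivery="embedded", rfc6962=True):
    """Hypothetical SCT record. status: 'current' | 'once' | 'other';
    delivery: 'embedded' | 'tls' | 'ocsp'."""
    return dict(log=log, operator=operator, status=status,
                delivery=delivery, rfc6962=rfc6962)

def meets_policy(not_before, not_after, scts):
    approved = [s for s in scts if s["status"] in ("current", "once")]
    current = [s for s in approved if s["status"] == "current"]
    # Baseline: two SCTs from approved logs, one from an RFC 6962 log.
    if len(approved) < 2 or not any(s["rfc6962"] for s in approved):
        return False
    # Option 1: two SCTs from currently approved logs, one via TLS/OCSP.
    if len(current) >= 2 and any(s["delivery"] in ("tls", "ocsp") for s in current):
        return True
    # Option 2: embedded SCTs measured against the lifetime table.
    embedded = [s for s in approved if s["delivery"] == "embedded"]
    if not any(s["status"] == "current" for s in embedded):
        return False
    days = lifetime_days(not_before, not_after)
    row = next((r for r in TABLE if days <= r[0]), None)
    if row is None:  # assumption: lifetimes beyond the table do not qualify
        return False
    _, needed, per_operator = row
    distinct = {(s["operator"], s["log"]) for s in embedded}
    logs_per_operator = Counter(op for op, _ in distinct)
    return sum(min(n, per_operator) for n in logs_per_operator.values()) >= needed

if __name__ == "__main__":
    # Constructed sample: notAfter exactly 180 * 86,400 s after notBefore,
    # which the inclusive rule counts as 181 days, so three SCTs are needed.
    nb = datetime(2025, 1, 1, tzinfo=timezone.utc)
    na = nb + timedelta(days=180)
    print(lifetime_days(nb, na), meets_policy(nb, na, [sct("a", "A"), sct("b", "B")]))
```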