Certificate Transparency: Running Static CT Logs

Certificate Transparency (CT), defined in RFC 6962, provides a mechanism for publicly logging TLS certificates in a way that allows anyone to audit Certificate Authority activity and detect the issuance of suspect or unauthorised certificates. This talk shares the hands-on experience of IPng Networks in operating instances of Sunlight and TesseraCT — two open source implementations of the Static CT protocol — running four production CT logs: Rennet, Lipase, Gouda and Halloumi. The presentation covers the technical setup, operational lessons learned, and the role community-run CT logs play in the broader ecosystem of Internet security.