Known Logs

The list of CT Logs that are currently compliant with Chrome's CT policy (or have been and were disqualified), and are included in Chrome:
log_list.json is signed by Google, the signature being hosted at:
The public key to verify log_list.sig can be found at:
The list of all known and announced CT Logs:
Both log_list.json and all_logs_list.json conform with the following schema:

To check whether Logs are currently pending inclusion in Chrome, check the Chromium inclusion bugs:



Special Purpose Logs


ct.googleapis.com/daedalus

Base64 Log ID: HQJLjrFJizRN/YfqPvwJlvdQbyNdHUlwYaR3PEOcJfs=
Operator: Google
Contact: google-ct-logs@googlegroups.com

This log is not trusted by Chrome. It only logs certificates that have expired. See the announcement post.

ct.googleapis.com/submariner

Base64 Log ID: qJnYeAySkKr0YvMYgMz71SRR6XDQ+/WR73Ww2ZtkVoE=
Operator: Google
Contact: google-ct-logs@googlegroups.com

This log is not trusted by Chrome. It only logs certificates that chain to roots that are on track for inclusion in browser roots or were trusted at some previous point. See the announcement blog post.



Test Logs


These logs are intended for testing purposes only and will only log certificates that chain to a test root explicitly added to it.
To add a test root to Testtube, please email google-ct-logs@googlegroups.com

A test root for Testtube should:
  • have a certificate "Subject" field that:
    • includes the word "test", "dev" or "demo" (to reduce the chance of real certificates being mixed up with test certificates).
    • identifies the organization that the test root is for (to allow easy classification of test traffic).
  • not allow real certificates to chain to it, either because:
    • it is a self-signed root CA certificate identified as a test certificate (as above).
    • it is an intermediate CA certificate that chains to a root certificate that is also identified as a test certificate.
  • be a CA certificate, by:
    • having CA:TRUE in the Basic Constraints extension.
    • include the 'Certificate Sign' bit in the Key Usage extension.
For historical reasons Google's test logs include some test roots that do not comply with all of the above requirements.

ct.googleapis.com/logs/crucible

Base64 Log ID: w78Dp+HKiEHGB7rj/0Jw/KXsRbGG675OLPP8d4Yw9fY= 
Operator: Google 
Contact: google-ct-logs@googlegroups.com 


ct.googleapis.com/logs/solera2018

Base64 Log ID: UutLIl7IlpdIUGdfI+Q7wdAh4yFM5S7NX6h8IDzfygM=
Expiry range: Jan 01 2018 00:00:00Z inclusive to Jan 01 2019 00:00:00Z exclusive

ct.googleapis.com/logs/solera2019

Base64 Log ID: C3YOmouaaC+ImFsV6UdQGlZEa7qIMHhcOEKZQ4ZFDAA=
Expiry range: Jan 01 2019 00:00:00Z inclusive to Jan 01 2020 00:00:00Z exclusive

ct.googleapis.com/logs/solera2020

Base64 Log ID: H8cs5aG3mfQAw1m/+WyjkTVI6GRCIGEJUum6F3T3usc=
Expiry range: Jan 01 2020 00:00:00Z inclusive to Jan 01 2021 00:00:00Z exclusive

ct.googleapis.com/logs/solera2021

Base64 Log ID: o8mYRegKt84AFXs3Qt8CB90nKytgLs+Y7iwS25xa5+c=
Expiry range: Jan 01 2021 00:00:00Z inclusive to Jan 01 2022 00:00:00Z exclusive

ct.googleapis.com/logs/solera2022

Base64 Log ID: aXqvyhprU2+uISBQRt661+Dq6hPSQy5unY+zefK5qvM=
Expiry range: Jan 01 2022 00:00:00Z inclusive to Jan 01 2023 00:00:00Z exclusive
Operator: Google 
Contact: google-ct-logs@googlegroups.com 


ct.googleapis.com/testtube

Base64 Log ID: sMyD5aX5fWuvfAnMKEkEhyrH6IsTLGNQt8b9JuFsbHc= 
Operator: Google 
Contact: google-ct-logs@googlegroups.com 

Comments