Azure Key Vault Certificate without Certificate Transparency

Compliance Frameworks


Azure Key Vault Certificate {AzureKeyVaultCertificate} does not have transparency enabled. In order to guard against SSL/TLS certificates that are issued by mistake or by a compromised CA, some browsers require that public certificates issued for your domain be recorded in a certificate transparency log. The domain name is recorded, but the private key is not. Certificates that are not logged typically generate an error in the browser.
  • Recommended Mitigation

    It is recommended to enable certificate transparency.