Sectigo, a global leader in automated Certificate Lifecycle Management (CLM) and digital certificates, has announced the release of ctlint, a new open-source linting tool designed to enhance Certificate Transparency (CT) compliance across the Web Public Key Infrastructure (WebPKI).

Developed by Sectigo’s Distinguished Engineer, Rob Stradling, ctlint is designed to verify that public SSL/TLS certificates properly conform to CT policies enforced by major web browsers. This initiative addresses the increasing complexity faced by Certificate Authorities (CAs) in an era of shortening certificate lifespans and heightened regulatory scrutiny.

Certificate Transparency enables public CAs and other stakeholders to detect misissued or rogue certificates, thereby strengthening trust in the global internet infrastructure. CT logs allow monitoring of public certificate quality, identification of misissuance, and surveillance of domains for improperly obtained certificates. While web browsers verify CT logging, the process of recording this logging within certificates can be error-prone, even for sophisticated public CAs. ctlint acts as a preventative tool, monitoring certificates for such errors prior to their issuance, which enhances the overall reliability and quality of the CT system.

Rob Stradling stated, “Sectigo is continuing its role as a WebPKI leader by developing open, community-driven tools like ctlint that help CAs meet compliance standards and strengthen trust for everyone. This is one of several initiatives where we have invested our expertise to make the internet safer and ensure end users are protected from the risks of non-compliance and security gaps.”

Sectigo plays a significant role in providing essential technical infrastructure for the public CA ecosystem, emphasizing accountability, compliance, and innovation within the WebPKI landscape. The company’s contributions include crt.sh, an industry-standard CT log aggregator; pkimetal, a high-performance PKI meta-linter for pre-issuance linting; and Open MPIC, an open-source tool assisting CAs with CA/Browser Forum requirements to secure digital certificate issuance against BGP attacks.

Sectigo’s approach centers on intellectual leadership and industry-wide collaboration. By open-sourcing ctlint, the company enables all CAs, including competitors, to improve CT compliance. This strategy aims to reduce industry risk and enhance trust for all internet users, extending beyond Sectigo’s own customer base. This commitment is also reflected in Sectigo’s active leadership within standards bodies; the company holds more combined leadership positions in the CA/Browser Forum and ETSI than any other organization, using this influence to advocate for policies that protect the broader internet ecosystem.

Kevin Weiss, CEO at Sectigo, commented, “We’re incredibly proud of Rob and his long track record of contributions to strengthening the broader internet ecosystem on behalf of Sectigo, of which ctlint is the latest. His dedication to transparency and open-source innovation benefits the Certificate Authority community as a whole and is a key reason Sectigo is regarded as one of the most trusted CAs in the market, helping organizations stay ahead of evolving security demands, from the shift to 47-day certificate lifespans to preparing for a post-quantum future.”

Further information, including API documentation and deployment instructions, is available on the open-source project website at: https://github.com/crtsh/ctlint/blob/main/README.md.