{"id":15375,"date":"2026-03-11T17:43:49","date_gmt":"2026-03-11T14:43:49","guid":{"rendered":"https:\/\/www.ihs.com.tr\/blog\/?p=15375"},"modified":"2026-03-11T17:43:49","modified_gmt":"2026-03-11T14:43:49","slug":"certificate-transparency-ct-nedir-ve-sizi-sahte-sertifikalardan-nasil-korur","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/certificate-transparency-ct-nedir-ve-sizi-sahte-sertifikalardan-nasil-korur\/","title":{"rendered":"What Is &#8220;Certificate Transparency&#8221; (CT) and How Does It Protect You from Fake Certificates?"},"content":{"rendered":"<p>When you browse the internet, do your banking, or shop online, the green padlock icon in your browser&#8217;s address bar, which indicates that your connection is secure, relies on SSL\/TLS certificates. But what happens if the certificates themselves, the cornerstone of this security, are issued maliciously or in error? Certificate Transparency (CT), developed as a solution to this critical problem, is one of the unsung heroes of security in the digital world. 
This technology makes the internet a safer and more transparent place, protecting both website owners and end users against fake certificates.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Certificate-Transparency-Oncesi-SSLTLS-Ekosistemi-ve-Guvenlik-Aciklari\"><\/span>The SSL\/TLS Ecosystem Before Certificate Transparency and Its Security Gaps<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To understand why the Certificate Transparency (CT) mechanism matters so much, one needs to know the security model of the period before it and the risks inherent in that model. 
In the past, the SSL\/TLS ecosystem rested entirely on trust in Certificate Authorities (CAs), and this opened the door to serious security breaches.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Geleneksel-Sertifika-Otoritesi-CA-Guven-Modeli\"><\/span>The Traditional Certificate Authority (CA) Trust Model<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In the traditional model, web browsers and operating systems accepted certain Certificate Authorities (CAs) as trusted. After verifying ownership of a domain name, these CAs were authorized to issue an <a href=\"https:\/\/www.ihs.com.tr\/ssl\/\" target=\"_blank\">SSL certificate<\/a>, a digital identity for that domain. When a user visited a secure (HTTPS) website, the browser checked whether the site&#8217;s certificate had been signed by a trusted CA. If the signature was valid, the connection was considered secure and the user was shown the green padlock icon. This system relied on any one of hundreds of CAs being able to issue a certificate for any domain name, and on browsers trusting that certificate without question.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Guven-Zinciri-Chain-of-Trust-Nasil-Calisir\"><\/span>How Does the Chain of Trust Work?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The trust model is built on a hierarchical structure called the &#8220;Chain of Trust&#8221;. 
At the top of this chain are the Root Certificates, which come preloaded in the &#8220;root&#8221; store of browsers and operating systems. These root CAs can sign certificates on their own behalf or on behalf of Intermediate Certificate Authorities (Intermediate CAs). Intermediate CAs in turn issue certificates for end users&#8217; websites. When a browser checks a website&#8217;s certificate, it follows the intermediate CA that signed the certificate and the root CA that signed that intermediate CA, verifying whether the path reaches a trusted root. If the chain is unbroken and the root at the top is trusted, the whole chain is considered secure. This <a href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-sertifikasi-zinciri-certificate-chain-nedir-ve-neden-onemlidir\/\" target=\"_blank\">certificate chain<\/a> forms the foundation of the SSL\/TLS infrastructure.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Hatali-veya-Kotu-Niyetle-Duzenlenmis-Sertifikalar-Riski-Nedir\"><\/span>What Is the Risk of Mistakenly or Maliciously Issued Certificates?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The greatest weakness of the traditional model appeared when any CA accepted as trusted made a mistake or was compromised by malicious actors. A CA could, by mistake or as the result of a cyberattack, issue a fake certificate for the domain of Google, Microsoft, or any bank. 
Because a trusted CA had signed it, browsers would accept this fake certificate as valid and could direct users to the fake site. This paved the way for &#8220;Man-in-the-Middle&#8221; attacks, phishing fraud, and data theft. Worst of all, the domain owner would not even know that such a fake certificate had been issued in its name.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Gecmiste-Yasanan-Onemli-Sertifika-Guvenligi-Ihlalleri\"><\/span>Major Certificate Security Breaches of the Past<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>These theoretical risks became reality through major cybersecurity incidents in the past.<\/p>\n<ul>\n<li><b>DigiNotar (2011):<\/b> DigiNotar, a Dutch CA, was compromised by hackers, and more than 500 fake certificates were issued for hundreds of high-profile domains, including google.com, yahoo.com, and mozilla.org. These certificates were used in large-scale surveillance and &#8220;Man-in-the-Middle&#8221; attacks targeting users in Iran in particular. 
When the incident came to light, DigiNotar went bankrupt and was marked as untrusted by all browsers.<\/li>\n<li><b>Comodo (2011):<\/b> In the same year, another CA, Comodo, was also attacked, and fake certificates were produced for popular e-mail services and communication platforms.<\/li>\n<li><b>Symantec (2015):<\/b> Google detected that Symantec had, without its knowledge and albeit for testing purposes, issued a fake <a href=\"https:\/\/www.ihs.com.tr\/ssl\/ev-ssl.html\" target=\"_blank\">EV SSL<\/a> certificate for google.com. This incident made plain that even large and trusted CAs can make mistakes and how weak the oversight mechanisms were.<\/li>\n<\/ul>\n<p>These and similar incidents proved that a model based solely on trust in CAs was unsustainable, and created the need for a more transparent system to audit the entire SSL\/TLS ecosystem. Certificate Transparency is a product of that need.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Certificate-Transparency-CT-Kavrami-ve-Temel-Ilkeleri\"><\/span>The Certificate Transparency (CT) Concept and Its Core Principles<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The security breaches of the past made it clear that the SSL\/TLS ecosystem needed fundamental reform. It became apparent that trusting Certificate Authorities (CAs) alone was not enough. 
At this point, the Certificate Transparency (CT) concept was developed as a transparent and trustworthy system that can be audited with the participation of all stakeholders.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Certificate-Transparency-CT-Nedir\"><\/span>What Is Certificate Transparency (CT)?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Certificate Transparency is an open standard and infrastructure that ensures all trusted SSL\/TLS certificates on the internet are kept in public, continuously updated, and auditable logs. The system can be likened to posting a notice on a public &#8220;bulletin board&#8221; whenever any Certificate Authority issues a certificate for a domain name. This way, both domain owners and the internet community can instantly see and audit who issued a certificate for which domain.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"CTnin-Ana-Hedefleri-Tespit-Etme-Denetleme-ve-Seffaflik\"><\/span>CT&#8217;s Main Goals: Detection, Auditing, and Transparency<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The basic purpose of Certificate Transparency is to make the SSL\/TLS certificate system more trustworthy. It has three main goals for achieving this:<\/p>\n<ul>\n<li><b>Detection:<\/b> It makes it possible to quickly detect certificates issued for a domain without the owner&#8217;s knowledge or in error. 
Domain owners and security researchers can spot fake certificates immediately by watching these public logs.<\/li>\n<li><b>Auditing:<\/b> It opens the activities of Certificate Authorities (CAs) and the certificates they issue to everyone&#8217;s scrutiny. This ensures that CAs comply with industry standards and their own declared policies, and encourages them to act more responsibly.<\/li>\n<li><b>Transparency:<\/b> It makes the certificate issuance process, previously a black box, fully transparent. This transparency increases trust in the internet ecosystem as a whole and protects users against <a href=\"https:\/\/www.ihs.com.tr\/blog\/siber-saldirilara-karsi-sigorta-bedelleri-artiyor\/\" target=\"_blank\">cyberattacks<\/a> such as &#8220;Man-in-the-Middle&#8221;.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Herkese-Acik-Degistirilemez-ve-Yalnizca-Ekleme-Yapilabilen-Kayit-Defteri-Fikri\"><\/span>The Idea of a Public, Tamper-Proof, Append-Only Log<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>At the heart of the Certificate Transparency system are special record books called &#8220;logs&#8221;. These logs are built on basic principles similar to those of blockchain technology and have three critical properties:<\/p>\n<ul>\n<li><b>Public:<\/b> Logs can be queried and inspected by anyone connected to the internet. This provides full transparency.<\/li>\n<li><b>Tamper-Proof:<\/b> A certificate record, once added to a log, cannot be changed or deleted afterwards. 
This property is provided by cryptographic mechanisms (such as Merkle Trees) and guarantees the integrity of the records.<\/li>\n<li><b>Append-Only:<\/b> Only new certificate information can be added to logs. Existing records cannot be overwritten or deleted. This keeps the history of the log trustworthy and consistent.<\/li>\n<\/ul>\n<p>Thanks to these three principles, CT logs become a trusted, single source of truth for SSL\/TLS certificates. When connecting to a website, browsers can check these logs to confirm whether the certificate is legitimate.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Certificate-Transparency-Ekosisteminin-Bilesenleri-ve-Gorevleri\"><\/span>Components of the Certificate Transparency Ecosystem and Their Roles<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Rather than a single structure, Certificate Transparency is an ecosystem of three basic components that work in interaction with one another: Certificate Logs, Monitors, and Auditors. Each component has its own role in ensuring the integrity and security of the system.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Gunlukleri-Certificate-Logs\"><\/span>Certificate Logs<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Certificate Logs are the cornerstone of the CT ecosystem. 
They are cryptographically secured, append-only, public records of all SSL\/TLS certificates issued by Certificate Authorities (CAs).<\/p>\n<h4>Recording and Storing Certificates<\/h4>\n<p>When a CA issues a certificate for a <a href=\"https:\/\/www.ihs.com.tr\/domain\/alan-adi-domain-tescili.html\" target=\"_blank\">domain name<\/a>, it must submit that certificate (or a precertificate) to one or more public CT logs. The log server accepts the certificate, records it, and in return produces a &#8220;receipt&#8221; called a Signed Certificate Timestamp (SCT). This is cryptographic proof that the certificate was recorded in that log at a specific time.<\/p>\n<h4>Ensuring Data Integrity with Merkle Trees<\/h4>\n<p>CT logs use a data structure called a <b>Merkle Tree<\/b> to guarantee that records have not been altered and that their integrity is preserved. This structure takes each certificate as a &#8220;leaf&#8221;, hashes these leaves, and combines the hashes in a binary tree. At the very top is a single &#8220;root hash&#8221; (Merkle Root) that represents all the certificates. 
Thanks to this structure, it is possible to tell whether a log has been altered in the past, or whether two logs hold the same records, simply by comparing the root hashes at the top. It also allows efficient verification of whether a particular certificate is in the log without downloading the entire log.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Monitorler-Monitors\"><\/span>Monitors<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Monitors can be thought of as the &#8220;overseers&#8221; or &#8220;watchdogs&#8221; of the CT ecosystem. Their job is to continuously scan all public certificate logs and detect suspicious activity.<\/p>\n<h4>Continuously Watching Certificate Logs<\/h4>\n<p>Monitors communicate regularly with all known CT logs and download every newly added certificate. This keeps them informed of everything happening in the certificate ecosystem. Domain owners, large companies, or security researchers can run their own monitors.<\/p>\n<h4>Searching for Suspicious and Policy-Violating Certificates<\/h4>\n<p>The main function of monitors is to look for anomalies in the data they collect. For example, a domain owner can set up a monitor for all certificates containing its own domain name. If a certificate is issued without the owner&#8217;s knowledge, the monitor detects this immediately and alerts the domain owner. 
Monitors can also identify certificates that do not comply with CA policies (for example, ones that use weak keys or contain incorrect information).<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Denetciler-Auditors\"><\/span>Auditors<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Auditors are the components that verify the overall consistency and reliability of the system. They make sure both that logs are operating honestly and that clients (browsers) receive correct information.<\/p>\n<h4>Checking the Consistency and Correctness of Logs<\/h4>\n<p>Auditors periodically check a log&#8217;s cryptographic properties. For example, they audit whether a log has deleted a past record or whether its Merkle Tree structure is consistent. These audits make it nearly impossible for log servers to cheat.<\/p>\n<h4>The Audit Function of Browsers and Clients<\/h4>\n<p>Modern web browsers (Google Chrome, Safari, Firefox, etc.) have built-in auditor mechanisms. When a user connects to an HTTPS site, the browser checks not only whether the certificate is valid but also whether it contains a valid SCT. This SCT is proof that the certificate has been recorded in a trusted CT log. 
By verifying this proof, the browser in effect performs a small audit and protects the user.<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>Component<\/th>\n<th>Main Task<\/th>\n<th>What It Means for the User<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><b>Certificate Logs<\/b><\/td>\n<td>Record all certificates and keep an immutable ledger.<\/td>\n<td>Provides a trusted archive in which every issued certificate is listed transparently.<\/td>\n<\/tr>\n<tr>\n<td><b>Monitors<\/b><\/td>\n<td>Scan the logs continuously to detect suspicious or fraudulent certificates.<\/td>\n<td>Lets you know immediately when a certificate is issued for your domain without your permission.<\/td>\n<\/tr>\n<tr>\n<td><b>Auditors<\/b><\/td>\n<td>Check the integrity of the logs and the correctness of the information browsers receive.<\/td>\n<td>Lets the browser you use protect you automatically against a fraudulent or unlogged certificate.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h2><span class=\"ez-toc-section\" id=\"Certificate-Transparencynin-Adim-Adim-Calisma-Mekanizmasi\"><\/span>How Certificate Transparency Works, Step by Step<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>With the theoretical structure of Certificate Transparency understood, walking step by step through how the system works in practice when an <a href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-sertifikasi-nedir-onemlidir\/\" target=\"_blank\">SSL certificate<\/a> 
is issued will make the subject clearer. The process begins when the Certificate Authority (CA) submits the certificate to a CT log and ends when the user&#8217;s browser verifies that record.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Bir-Sertifikanin-CT-Gunlugune-Gonderilmesi\"><\/span>Submitting a Certificate to a CT Log<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When a website owner applies for an SSL certificate and the CA has validated domain ownership, the CA creates a &#8220;precertificate&#8221; before creating the actual certificate. This precertificate carries almost the same information as the final certificate. The CA submits the precertificate to one or more public, trusted Certificate Transparency logs. This is the first and most important step of the process, because the certificate&#8217;s existence has now entered a public record.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Imzali-Sertifika-Zaman-Damgasi-SCT-%E2%80%93-Signed-Certificate-Timestamp-Nedir\"><\/span>What Is a Signed Certificate Timestamp (SCT)?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When the CT log receives the precertificate from the CA, it adds it to its own ledger (the Merkle Tree). 
When the entry is recorded successfully, the log server produces a cryptographic signature called a <b>Signed Certificate Timestamp (SCT)<\/b> as proof of the operation. An SCT is essentially a &#8220;receipt&#8221; and contains the following information:<\/p>\n<ul>\n<li>Which log the certificate was recorded in.<\/li>\n<li>When the entry was made (the timestamp).<\/li>\n<li>The log&#8217;s digital signature attesting to this information.<\/li>\n<\/ul>\n<p>This SCT is tamper-proof evidence that the certificate has been publicly logged and is auditable.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"SCTnin-Alinmasi-ve-Sertifikaya-Eklenmesi\"><\/span>Obtaining the SCT and Adding It to the Certificate<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>After the CA receives the SCT from the CT log, it must include this information in the final SSL certificate that will be presented to the end user. There are three common ways to deliver the SCT to the browser:<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>Method<\/th>\n<th>Description<\/th>\n<th>Advantage<\/th>\n<th>Disadvantage<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><b>Embedding in the Certificate (X.509v3 Extension)<\/b><\/td>\n<td>The SCT is placed directly inside the SSL certificate as an extension. 
This is the most common method.<\/td>\n<td>Requires no server configuration; it is the simplest and most reliable method.<\/td>\n<td>Once the certificate has been issued, the SCTs cannot be changed.<\/td>\n<\/tr>\n<tr>\n<td><b>TLS Extension<\/b><\/td>\n<td>The SCT is sent to the browser by the web server during the TLS handshake, separately from the certificate.<\/td>\n<td>Offers the flexibility to update SCTs without changing the certificate.<\/td>\n<td>The web server must support this feature and be configured correctly.<\/td>\n<\/tr>\n<tr>\n<td><b>OCSP Stapling<\/b><\/td>\n<td>The SCT is added to the OCSP response used to check the certificate&#8217;s validity status.<\/td>\n<td>Provides flexibility similar to the TLS extension and can improve performance.<\/td>\n<td>Must be supported by both the server and the CA, and is less widely deployed.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h3><span class=\"ez-toc-section\" id=\"Tarayicinin-Istemcinin-Baglanti-Sirasinda-SCTyi-Dogrulamasi\"><\/span>How the Browser (Client) Verifies the SCT During the Connection<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When a user connects with a web browser to a site that uses the HTTPS protocol, the browser receives the SSL certificate from the server. In addition to the standard validation steps (signature, validity period, chain of trust, etc.), the browser now also enforces CT policy. 
The browser checks whether the certificate or the TLS connection carries a sufficient number of SCTs obtained from valid, trusted CT logs. For example, Google Chrome may require a different number of SCTs depending on the certificate&#8217;s lifetime. The browser verifies that the SCT&#8217;s signature is correct and that the log which issued the SCT is on its own list of trusted logs.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"SCT-Dogrulanamazsa-Ne-Olur\"><\/span>What Happens If the SCT Cannot Be Verified?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If a browser cannot find a valid SCT for the certificate of the site it is connecting to, or if the SCTs present do not meet the requirements of the browser&#8217;s CT policy, it treats the certificate as UNTRUSTED. In that case the browser usually shows a full-page security warning to protect the user and blocks the connection to the site. For example, an error message such as &#8220;Your connection is not private&#8221; (NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED) may be displayed. 
This is the most concrete effect CT has in protecting end users, because modern browsers trust no certificate that has not been transparently logged.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Certificate-Transparency-Sizi-Sahte-Sertifikalardan-Nasil-Korur\"><\/span>How Does Certificate Transparency Protect You from Fraudulent Certificates?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Certificate Transparency (CT) is not merely a theoretical security mechanism; it provides concrete, strong protections for both domain owners and ordinary internet users. The system&#8217;s transparency principle encourages every stakeholder in the SSL\/TLS ecosystem to behave more securely and responsibly.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Alan-Adi-Sahipleri-Icin-Koruma\"><\/span>Protection for Domain Owners<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>For website and brand owners, CT is a critical tool that lets them take control of their digital identity.<\/p>\n<h4>Detecting Certificates Issued for Your Domain Without Your Knowledge<\/h4>\n<p>Before CT, when a cybercriminal or a faulty Certificate Authority (CA) issued a fraudulent SSL certificate for your <a href=\"https:\/\/www.ihs.com.tr\/blog\/domain-nedir-ne-ise-yarar\/\" target=\"_blank\">domain<\/a> name, you would not know about it. That fraudulent certificate could be used on phishing sites imitating your site or in &#8220;Man-in-the-Middle&#8221; attacks. 
Now, thanks to CT, the moment a CA issues a certificate for your domain name, the issuance has to be recorded in a public log. This makes every step taken in your name transparent.<\/p>\n<h4>Maintaining Control by Monitoring CT Logs<\/h4>\n<p>Domain owners can use monitoring services that watch CT logs continuously. When a new certificate is issued for the domain names you specify (for example, *.sirketim.com), these services detect it immediately and send you an alert e-mail. If the certificate request did not come from you, you know at once that it is a fraudulent attempt, and you can contact the CA concerned to have the certificate revoked and start the necessary legal proceedings. This proactive protection plays a vital role in protecting your brand reputation and your users&#8217; security.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Internet-Kullanicilari-Icin-Koruma\"><\/span>Protection for Internet Users<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Ordinary internet users benefit every day from the protections this system provides, even if they are unaware that CT exists.<\/p>\n<h4>Browsers Automatically Rejecting Fraudulent Certificates<\/h4>\n<p>Modern browsers such as Google Chrome, Safari and Firefox enforce CT policy. When you connect to a website, your browser checks in the background whether the site&#8217;s SSL certificate has a valid CT record (SCT). 
If the certificate has not been recorded in a trusted CT log, the browser automatically treats it as invalid, shows you a security warning and prevents you from reaching the fraudulent site. This means you are protected against fraudulent sites without having to take any extra action, and without even noticing.<\/p>\n<h4>Strengthening Security Against &#8220;Man-in-the-Middle&#8221; Attacks<\/h4>\n<p>In a &#8220;Man-in-the-Middle&#8221; attack, the attacker gets between you and the website you are connecting to and eavesdrops on or alters the communication. For this type of attack to succeed, a fraudulent SSL certificate is usually used. Because CT makes obtaining and using a fraudulent certificate much harder, it adds an important layer of defense against such attacks. 
A fraudulent certificate issued by an attacker will appear in the public records, so it is detected immediately or rejected by browsers, which causes the attack to fail.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tum-Internet-Ekosistemi-Icin-Sagladigi-Faydalar\"><\/span>Benefits for the Entire Internet Ecosystem<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The effect of CT is not limited to individual users and companies; it increases the security and transparency of the whole internet.<\/p>\n<h4>Certificate Authorities Becoming More Accountable and Transparent<\/h4>\n<p>CT opens all activities of Certificate Authorities (CAs) to public scrutiny. Every certificate they issue can now be seen by anyone. This forces CAs to adhere strictly to industry standards and to their own security policies. When they issue a faulty or non-compliant certificate, it comes to light quickly and can seriously damage their reputation. This &#8220;oversight&#8221; mechanism makes CAs behave more carefully and responsibly.<\/p>\n<h4>Building a Collective Audit Mechanism for SSL\/TLS Security<\/h4>\n<p>Certificate Transparency takes SSL\/TLS security out of the sole responsibility of a few hundred CAs and makes it the shared responsibility of the entire internet community (domain owners, security researchers, browser vendors and end users). 
This collective oversight makes the ecosystem far more resilient. The compromise of a single CA, or a mistake by one, can no longer bring down the whole system, because the anomaly can be detected and isolated quickly thanks to the transparent records.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Certificate-Transparencynin-Uygulamadaki-Yonleri-ve-Dikkat-Edilmesi-Gerekenler\"><\/span>Practical Aspects of Certificate Transparency and Points to Watch<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Although Certificate Transparency (CT) has significantly improved SSL\/TLS security, its deployment has some practical aspects and brings with it some points that need attention. Knowing them is important for both website administrators and privacy-conscious users.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"CT-Politikalarini-Zorunlu-Kilan-Tarayicilar-Google-Chrome-Safari-vb\"><\/span>Browsers That Enforce CT Policies (Google Chrome, Safari, etc.)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The biggest driving force behind the spread of CT is that the major browser vendors have made the technology mandatory. Since 2018, Google Chrome has required CT information (SCTs) to be present for all newly issued SSL certificates. Apple follows a similar policy for its Safari browser. If a website&#8217;s SSL certificate does not comply with these policies, that is, if it does not have valid SCTs, these browsers block access to the site and show users a security warning. 
This has made it critical for website owners to make sure that the Certificate Authority (CA) they use is CT-compliant. Whether your <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/\" target=\"_blank\">hosting<\/a> provider or the company you obtain your certificate from complies with these modern standards is vital to your site&#8217;s accessibility.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Alt-Alan-Adlarinin-Subdomain-Aciga-Cikmasi-ve-Gizlilik-Konulari\"><\/span>Exposure of Subdomains and Privacy Considerations<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Transparency is one of the most important properties of CT, but it also brings some privacy concerns. When a certificate is issued for a domain, every domain name listed in that certificate (the main domain and all subdomains) is recorded in the public CT logs. This means the following:<\/p>\n<ul>\n<li><b>Exposure of Internal Servers:<\/b> If an SSL certificate is issued for internal network servers that a company would normally want closed to the outside world (for example, <code>test.sirketim.com<\/code>, <code>mail.internal.sirketim.com<\/code>, <code>dev-sql.sirketim.com<\/code>), those subdomains become visible to everyone. 
This gives potential attackers a list of servers they might target.<\/li>\n<li><b>Disclosure of Confidential Projects:<\/b> Subdomains created for a product or service that has not yet been launched (for example, <code>yeniproje.sirketim.com<\/code>) can be noticed early by competitors through the CT logs.<\/li>\n<\/ul>\n<p>To get around this privacy problem, some companies prefer <b>Wildcard SSL<\/b> certificates (such as *.sirketim.com), which cover multiple <a href=\"https:\/\/www.ihs.com.tr\/blog\/subdomain-alt-alan-adi-nedir-nasil-kullanilmalidir\/\" target=\"_blank\">subdomains<\/a> in a single certificate. Because wildcard certificates do not list the protected subdomains one by one, they reduce this risk.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kendi-Alan-Adiniz-Icin-CT-Gunluklerini-Nasil-Kontrol-Edebilirsiniz\"><\/span>How Can You Check the CT Logs for Your Own Domain?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you want to find out and check which SSL certificates have been issued for your own domain, various online tools let you do so. These tools scan all public CT logs and list the certificates that contain the domain name you specify. Some of the popular CT monitoring tools are:<\/p>\n<ul>\n<li><b>crt.sh:<\/b> This free tool, offered by Comodo (now named Sectigo), is one of the best-known and most widely used CT search engines. 
By entering your domain name or company name, you can see all related certificates, their issuance dates, CA information and validity periods.<\/li>\n<li><b>Google&#8217;s Certificate Transparency Report:<\/b> Google also lets you run queries through its own CT interface.<\/li>\n<li><b>Facebook Certificate Transparency Monitoring:<\/b> Facebook also offers a monitoring tool that it developed itself. By adding your domain names to this tool, you can automatically receive an e-mail or Facebook notification when a new certificate is issued.<\/li>\n<\/ul>\n<p>By using these tools periodically, you can increase your control over your domain and easily check whether any certificate has been issued without your knowledge.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"SSLTLS-Sertifika-Guvenliginiz-Icin-Neden-IHS-Telekomu-Tercih-Etmelisiniz\"><\/span>Why Choose \u0130HS Telekom for Your SSL\/TLS Certificate Security?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The security of your website and your users starts with choosing the right business partners. When it comes to SSL\/TLS certificates and modern security standards such as Certificate Transparency, working with a service provider that is reliable, experienced and closely follows technological developments is critically important. 
\u0130HS Telekom offers all the solutions and expertise you need in this area under one roof.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Onde-Gelen-ve-Guvenilir-Sertifika-Otoriteleriyle-Is-Ortakligi\"><\/span>Partnership with Leading, Trusted Certificate Authorities<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>For the supply of SSL\/TLS certificates, \u0130HS Telekom works with the world&#8217;s most reputable and trusted Certificate Authorities (CAs), such as DigiCert, Sectigo (Comodo) and GeoTrust. These CAs are industry-leading organizations that comply with the highest security standards and audit procedures. As a result, you can be sure that every certificate you obtain through \u0130HS Telekom comes from a source that is recognized by all browsers and provides the highest level of trust.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"CT-Politikalarina-Tam-Uyumlu-Sertifika-Secenekleri\"><\/span>Certificate Options Fully Compliant with CT Policies<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The enforcement of Certificate Transparency (CT) policies by major browsers such as Google Chrome and Safari has turned CT compliance from an option into a requirement. All SSL certificates offered by \u0130HS Telekom are 100% compliant with these modern requirements. 
The required Signed Certificate Timestamps (SCTs) are added automatically when your certificate is issued, so you can be sure that your website will not show an &#8220;untrusted&#8221; warning in any browser and will be accessible to all of your visitors.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Yonetimi-Kurulumu-ve-Yenilenmesinde-Uzman-Teknik-Destek\"><\/span>Expert Technical Support for Certificate Management, Installation and Renewal<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Buying an SSL certificate is only the first step of the process. Installing the certificate correctly on the server, configuring it and renewing it before it expires can require technical knowledge. \u0130HS Telekom&#8217;s experienced technical support team helps you at every stage of these processes. Whether you are a <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/wordpress-hosting.html\" target=\"_blank\">WordPress hosting<\/a> user or use a dedicated <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/\" target=\"_blank\">server rental<\/a> service, you can get professional support for any problem you may encounter with certificate installation and management.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kurumsal-Guvenlik-Ihtiyaclariniza-Yonelik-Kapsamli-Cozumler\"><\/span>Comprehensive Solutions for Your Enterprise Security Needs<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Security needs can vary greatly, from a simple blog site to a large e-commerce platform. 
\u0130HS Telekom offers a wide range of solutions for these different needs. A suitable solution is available for businesses of every size: from standard SSL certificates that protect a single domain name, to <a href=\"https:\/\/www.ihs.com.tr\/ssl\/wildcard-ssl.html\" target=\"_blank\">Wildcard SSL<\/a> certificates that secure all of your subdomains with one certificate, to EV (Extended Validation) certificates that offer the highest assurance level, to Multi-Domain SSL certificates that protect multiple sites on virtual servers such as <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/vds-sunucu.html\" target=\"_blank\">VDS<\/a> or <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/vps-server.html\" target=\"_blank\">VPS<\/a>. Do not leave your security to chance; protect your digital assets with \u0130HS Telekom&#8217;s expertise.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When you browse the internet, do your banking or shop online, the green padlock icon you see in your browser&#8217;s address bar rests on the 
SSL\/TLS&hellip;<\/p>\n","protected":false},"author":3,"featured_media":15376,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[400],"tags":[],"class_list":["post-15375","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ssl-sertifikasi"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=15375"}],"version-history":[{"count":1,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15375\/revisions"}],"predecessor-version":[{"id":15377,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15375\/revisions\/15377"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/15376"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=15375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=15375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=15375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}