CA Gateway can collect a set of signed CT log server responses and ask the underlying CA if the certificates for public trust include these responses in an SCT List extension. The certificate transparency filter:
- Sends parallel requests to all of the configured log servers.
- Waits for sufficient log server responses to arrive. In the filter configuration, a certificate transparency policy states the type and the minimum of required responses.
- Requests the final certificate to the CA.
This approach allows defining a surplus of log servers to guard against slow or offline servers.