Hi Nathanna,
First, apologies for the delayed response.
Second, with regards to your initial query about logging to the Google Pilot Log, there are a few things you should be aware of:
1) As Peter mentioned, in order to have your roots added to the Google production Logs, they'd need to be accepted into one of the major root programs (Mozilla / Apple / Microsoft), as we keep our production Log root sets up to date with those root programs, and we don't add other roots to them.
2) Pilot is now a special purpose Log, which only accepts certificates that chain to a limited set of roots, and is no longer kept up to date with the major root stores. Therefore, once you have got your roots accepted into one of the major root stores, we'd instead advise you log your certificates to either of the temporally-sharded Google
Argon or
Xenon CT Logs.
3)
If you'd like to test CT support while you're going through the process of getting your roots added to the major root stores, we have test Logs that we could add test roots to. The instructions for doing that can be found here.4) It is worth noting that CT is only required for certificates that will be used to authenticate public internet sites. If your use case is different to this, it may be that you don't need to worry about CT.
A quick noted about the Argon and Xenon Logs - they are each actually a set of Logs that have been 'temporally-sharded' - what this means is that each Log has a time range associated with it, and it will only accept certificates that have a NotAfter date within that time range. The details of the Argon and Xenon Log sets, and their respective expiry ranges are as follows:
What this means is that for each certificate you issue, you'll have to submit it to the Log that will accept it based on its NotAfter date.
I hope that helps. Please don't hesitate to reach out again should you have any further questions.
Kind regards,
Kat and the CT team at Google