Google is starting its own Root Certificate Authority.
With the increased implementation of HTTPS across their products, Google decided to move in that direction.
With this step, the company is also minimizing its dependency on other organizations, and allowing its engineers to control issued certificated from start to finish.
“The process of embedding Root Certificates into products and waiting for the associated versions of those products to be broadly deployed can take time. For this reason we have also purchased two existing Root Certificate Authorities, GlobalSign R2 and R4. These Root Certificates will enable us to begin independent certificate issuance sooner rather than later,” said Ryan Hurst, a manager in Google’s Security and Privacy Engineering unit.
Until now, the company was operating its own subordinate Certificate Authority (GIAG2), issued by a third-party, to handle its SSL/TLS certificate needs. This CA will still end up operated by Google, but a new entity – Google Trust Services – ended up created to operate the new Root Certificate Authority.
Hurst said its new Root CA will issue certificates on behalf of Google and parent company Alphabet. In a previous post on Mozilla’s bug-tracking system, he also noted that the new CA is a commercial CA that will provide certificates to customers from around the world.
The change won’t mean much to users of the various Google services – as long as a certificate is valid and doesn’t ring an alarm bell, it pretty much goes unnoticed.
Developers who build products that connect to Google’s services will have to include the new Root Certificates.