Google becomes its own Root Certificate Authority

In an effort to expand its certificate authority capabilities and build the "foundation of a more secure web," Google has finally launched its root certificate authority.

In the past few years, we have seen Google take many steps to show its strong support for sites using HTTPS, such as:

  • Giving more preference to HTTPS websites in its search rankings than others.
  • Warning users that all HTTP pages are not secure.
  • Starting an industry-wide initiative, Certificate Transparency, an open framework to log, audit, and monitor certificates that CAs have issued.

However, Google has been relying on an intermediate Certificate Authority (Google Internet Authority G2 - GIAG2) issued by a third party, with the latest suppliers being GlobalSign and GeoTrust, which manages and deploys certificates to Google's products and services.

Google announced Thursday the creation of its own certified and independent Root Certificate Authority called Google Trust Services, allowing the company to issue its own TLS/SSL certificates for securing its web traffic via HTTPS, instead of relying on third-party certificates.

"As we look forward to the evolution of both the web and our own products it is clear HTTPS will continue to be a foundational technology," writes Ryan Hurst, product manager at Google, in a blog post. "This is why we have made the decision to expand our current Certificate Authority efforts to include the operation of our own Root Certificate Authority."

The newly established Google Trust Services (GTS) will issue certificates on behalf of Google and parent company Alphabet.

Like others, Google Trust Services can now be used to sign other subordinate certificates to authenticate the identity of other websites.

However, the process of embedding root CAs into products can take time, so Google acquired two existing Root Certificate Authorities from GlobalSign: R2 and R4.

The acquisitions will allow independent certificate issuance from the company "sooner rather than later."

Developers, who will have to include the new Root Certificates in their services, can head to Google's official announcement for more details about the newly established Google Trust Services (GTS).