Google launched its own root certificate authority as part of an effort to implement the secure web protocol HTTPS across its products and services, SecurityWeek reported.
The move reflects the technology giant’s belief that HTTPS represents the foundational technology for both the future of the web and its own products. Having its own root certificate authority will help Google introduce HTTPS more efficiently.
Introducing Google Trust Services
Known as Google Trust Services, the root certificate authority will operate on behalf of Google and parent company Alphabet. The authority will allow the company to independently handle its own certification requirements.
Websites and online services use digital certificates, which must be signed by a trusted certificate authority, to authenticate their identities to browsers. This independent root certificate authority means Google will no longer rely on intermediaries to authenticate sites and services.
The company will control the entire certificate issuance, management and revocation process. According to eWEEK, Google will also be in a stronger position to identify improperly issued certificates across its domains.
Shifting to Googe’s Root Certificate Authority
Embedding root certificates into products can be a time-consuming process. eWEEK reported that Google bought two existing root certificate authorities, known as GlobalSign R2 and R4, to help it issue independent certificates sooner rather than later.
The company also announced intentions to continue operating its existing GIAG2 subordinate certificate authority. This continuation will provide support as the firm moves to its new, independent certification infrastructure.
In a Google blog post, Ryan Hurst, who works in security and privacy engineering for Google, advised developers to take note of the new requirements. Developers will need to include Google’s root certificates in products designed to connect to the company’s online properties in the future.
Encryption and the Future of the Web
Google’s commitment to HTTPS is strong. In 2015, it announced that its search engine would favor sites that use HTTPS instead of the weaker HTTP, Wired reported.
The same article also noted that developers who support smaller websites may struggle to implement HTTPS due to lack of know-how and financial investment. Encouragingly, though, the number of sites encrypted by HTTPS recently passed 50 percent globally.
The future of the web appears strongly connected to the use of HTTPS. Google’s launch of its own root certificate authority represents another step along that journey. Users and business owners should hope the destination is a safer and more secure internet.