Google HTTPS

Google announced yesterday plans to become a self-standing, certified, and independent Root Certificate Authority, meaning the company would be able to issue its own TLS/SSL certificates for securing its web traffic via HTTPS, and not rely on intermediaries, as it does now.

In the past years, Google has used certificates issued by several companies, with the latest suppliers being GlobalSign and GeoTrust.

Currently, Google is operating a subordinate Certificate Authority (Google Internet Authority G2 - GIAG2), which manages and deploys certificates to Google's infrastructure.

Google is currently in the process of migrating all services and products from GIAG2 certificates to the new Root Certificate Authority, named Google Trust Services (GTS).

According to the search giant, the migration to GTS will take time, and users will see mixed certificates from both GIAG2 and GTS until then.

What this means for regular users is that when they'll click to view a site's HTTPS security certificate, it will say "Google Trust Services" instead of Google Internet Authority, GeoTrust, GlobalSign, or any other term. This will make it easier to identify authentic Google services.

For Google, GTS means its engineers will have full control over its HTTPS certificates since the time they're issued to the time they're revoked.

Situations, when another Certificate Authority issues SSL certificates for Google domains, will stand out immediately.

GTS will provide HTTPS certificates for a broad range of services, such as public websites to API servers, for all Alphabet companies, not just Google.

More technical information, such as Google's current active root certificates and their https://pki.goog/SHA1 fingerprints are available on the Google Trust Services homepage.