Η Google seems to be trying to become a completely independent company, as it announced the launch of its own root certificate authority.
With this news movement Google will stop relying on intermediate CAs, namely GIAG2 which it used until now.
“As we look forward to the evolution of both the web and our own products it is clear that HTTPS will continue to be a core technology. This is why we made the decision to expand our current Certificate Authorities to include the mode of our own root certificate authority," says Ryan Hurst, Google product manager.
Thus, Google Trust was born Services, a company that will issue certificates on behalf of Google and Alphabet.
But this whole process will take time. Incorporating new root certificates into products and waiting to develop relevant versions of these products takes time. Thus Google has acquired two existing Root Certificate Authorities, GlobalSign R2 and R4, which will allow the company to start issuing independent certificates much faster.
Meanwhile, Google will continue to use the existing GIAG2 certificates for the time being at least.
"If you develop products that intend to connect to a Google service, you must use the above root certificates. That way, even if we release our own certificates, you can still choose to work with third-party certificates. ”
Google advises developers seeking to link their applications to company services to include a broad set of trusty roots in their products.