Google seems to be trying to become a completely independent company, as it announced the launch of its own root certification authority.
With this new move, Google will stop relying on intermediate certification companies, specifically GIAG2 that it used to date.
"As we look forward to the evolution of both the internet and our own products, it is clear that HTTPS will continue to be a key technology. That's why we decided to expand our current Certificate Authorities to include the operation of our own root certification authority, ”says Ryan Hurst, Google's product manager.
This is how Google Trust Services was born, a company that will issue certificates for Google and Alphabet.
But this whole process will take time. Incorporating new root certificates into products and waiting to develop relevant versions of these products takes time. Thus Google has acquired two existing Root Certificate Authorities, GlobalSign R2 and R4, which will allow the company to start issuing independent certificates much faster.
Meanwhile, Google will continue to use the existing GIAG2 certificates for the time being at least.
"If you develop products that intend to connect to a Google service, you must use the above root certificates. That way, even if we release our own certificates, you can still choose to work with third-party certificates. ”
Google advises developers seeking to link their applications to company services to include a broad set of trusty roots in their products.