Google sets up own root certificate authority

Google has set up its first root certificate authority (root CA) in an effort to expand its capability to issue digital credentials independently and bolster the security of internet traffic.

Part of the authentication process for the SSL/TLS cryptographic protocols, a root CA forms the trust anchor at the top of a hierarchy for validating digital certificates.

Digital certificates with public keys underpin the secure, authenticated, and encrypted HTTPS protocol to protect user data flows on the web, with trusted certificates embedded in browsers.

A subsidiary called Googe Trust Services will operate the root CA, issuing subordinate certificates for Google and its mother company, Alphabet.

Google bought two existing root certificate authorities from GlobalSign, R2 and R4, to allow the company to become an independent certificate issuer as soon as possible, security and privacy engineer Ryan Hurst said.

The driver for setting up the root CA is Google's desire to implement HTTPS protection for all its products quickly and efficiently, he wrote.

"As we look forward to the evolution of both the web and our own products it is clear HTTPS will continue to be a foundational technology," Hurst said.

Developers building products and services need to include five new root certificates if they intend to connect to Google properties, he said.

The company previously used its subordinate certificate authority, the Google Internet Authority G2 (GIAG2), which was issued by a third party, to deploy HTTPS across all its products.

Google will continue to operate GIAG2 as it migrates to its new certificate infrastructure, Hurst said.