Security Blog
The latest news and insights from Google on security and safety on the Internet
The foundation of a more secure web
26 tháng 1, 2017
Posted by Ryan Hurst, Security and Privacy Engineering
In support of our work to implement HTTPS across all of our products (
https://www.google.com/transparencyreport/https/
) we have been operating our own subordinate Certificate Authority (GIAG2), issued by a third-party. This has been a key element enabling us to more rapidly handle the SSL/TLS certificate needs of Google products.
As we look forward to the evolution of both the web and our own products it is clear HTTPS will continue to be a foundational technology. This is why we have made the decision to expand our current Certificate Authority efforts to include the operation of our own Root Certificate Authority. To this end, we have established Google Trust Services (
https://pki.goog
/), the entity we will rely on to operate these Certificate Authorities on behalf of Google and Alphabet.
The process of embedding Root Certificates into products and waiting for the associated versions of those products to be broadly deployed can take time. For this reason we have also purchased two existing Root Certificate Authorities, GlobalSign R2 and R4. These Root Certificates will enable us to begin independent certificate issuance sooner rather than later.
We intend to continue the operation of our existing GIAG2 subordinate Certificate Authority. This change will enable us to begin the process of migrating to our new, independent infrastructure.
Google Trust Services now operates the following Root Certificates:
Public Key
Fingerprint (SHA1)
Valid Until
GTS Root R1
RSA 4096, SHA-384
e1:c9:50:e6:ef:22:f8:4c:56:45:72:8b:92:20:60:d7:d5:a7:a3:e8
Jun 22, 2036
GTS Root R2
RSA 4096, SHA-384
d2:73:96:2a:2a:5e:39:9f:73:3f:e1:c7:1e:64:3f:03:38:34:fc:4d
Jun 22, 2036
GTS Root R3
ECC 384, SHA-384
30:d4:24:6f:07:ff:db:91:89:8a:0b:e9:49:66:11:eb:8c:5e:46:e5
Jun 22, 2036
GTS Root R4
ECC 384, SHA-384
2a:1d:60:27:d9:4a:b1:0a:1c:4d:91:5c:cd:33:a0:cb:3e:2d:54:cb
Jun 22, 2036
GS Root R2
RSA 2048, SHA-1
75:e0:ab:b6:13:85:12:27:1c:04:f8:5f:dd:de:38:e4:b7:24:2e:fe
Dec 15, 2021
GS Root R4
ECC 256, SHA-256
69:69:56:2e:40:80:f4:24:a1:e7:19:9f:14:ba:f3:ee:58:ab:6a:bb
Jan 19, 2038
Due to timing issues involved in establishing an independently trusted Root Certificate Authority, we have also secured the option to cross sign our CAs using:
Public Key
Fingerprint (SHA1)
Valid Until
GS Root R3
RSA 2048, SHA-256
d6:9b:56:11:48:f0:1c:77:c5:45:78:c1:09:26:df:5b:85:69:76:ad
Mar 18, 2029
GeoTrust
RSA 2048, SHA-1
de:28:f4:a4:ff:e5:b9:2f:a3:c5:03:d1:a3:49:a7:f9:96:2a:82:12
May 21, 2022
If you are building products that intend to connect to a Google property moving forward you need to at minimum include the above Root Certificates. With that said even though we now operate our own roots, we may still choose to operate subordinate CAs under third-party operated roots.
For this reason if you are developing code intended to connect to a Google property, we still recommend you include a wide set of trustworthy roots. Google maintains a sample PEM file at (
https://pki.goog/roots.pem
) which is periodically updated to include the Google Trust Services owned and operated roots as well as other roots that may be necessary now, or in the future to communicate with and use Google Products and Services.
Không có nhận xét nào :
Đăng nhận xét
Nhãn
#sharethemicincyber
#supplychain #security #opensource
android
android security
android tr
app security
big data
biometrics
blackhat
C++
chrome
chrome enterprise
chrome security
connected devices
CTF
diversity
encryption
federated learning
fuzzing
Gboard
google play
google play protect
hacking
interoperability
iot security
kubernetes
linux kernel
memory safety
Open Source
pha family highlights
pixel
privacy
private compute core
Rowhammer
rust
Security
security rewards program
sigstore
spyware
supply chain
targeted spyware
tensor
Titan M2
VDP
vulnerabilities
workshop
Archive
2025
thg 1
2024
thg 12
thg 11
thg 10
thg 9
thg 8
thg 7
thg 6
thg 5
thg 4
thg 3
thg 2
thg 1
2023
thg 12
thg 11
thg 10
thg 9
thg 8
thg 7
thg 6
thg 5
thg 4
thg 3
thg 2
thg 1
2022
thg 12
thg 11
thg 10
thg 9
thg 8
thg 7
thg 6
thg 5
thg 4
thg 3
thg 2
thg 1
2021
thg 12
thg 11
thg 10
thg 9
thg 8
thg 7
thg 6
thg 5
thg 4
thg 3
thg 2
thg 1
2020
thg 12
thg 11
thg 10
thg 9
thg 8
thg 7
thg 6
thg 5
thg 4
thg 3
thg 2
thg 1
2019
thg 12
thg 11
thg 10
thg 9
thg 8
thg 7
thg 6
thg 5
thg 4
thg 3
thg 2
thg 1
2018
thg 12
thg 11
thg 10
thg 9
thg 8
thg 7
thg 6
thg 5
thg 4
thg 3
thg 2
thg 1
2017
thg 12
thg 11
thg 10
thg 9
thg 7
thg 6
thg 5
thg 4
thg 3
thg 2
thg 1
2016
thg 12
thg 11
thg 10
thg 9
thg 8
thg 7
thg 6
thg 5
thg 4
thg 3
thg 2
thg 1
2015
thg 12
thg 11
thg 10
thg 9
thg 8
thg 7
thg 6
thg 5
thg 4
thg 3
thg 2
thg 1
2014
thg 12
thg 11
thg 10
thg 9
thg 8
thg 7
thg 6
thg 4
thg 3
thg 2
thg 1
2013
thg 12
thg 11
thg 10
thg 8
thg 6
thg 5
thg 4
thg 3
thg 2
thg 1
2012
thg 12
thg 9
thg 8
thg 6
thg 5
thg 4
thg 3
thg 2
thg 1
2011
thg 12
thg 11
thg 10
thg 9
thg 8
thg 7
thg 6
thg 5
thg 4
thg 3
thg 2
2010
thg 11
thg 10
thg 9
thg 8
thg 7
thg 5
thg 4
thg 3
2009
thg 11
thg 10
thg 8
thg 7
thg 6
thg 3
2008
thg 12
thg 11
thg 10
thg 8
thg 7
thg 5
thg 2
2007
thg 11
thg 10
thg 9
thg 7
thg 6
thg 5
Feed
Follow @google
Follow
Give us feedback in our
Product Forums
.
Follow
Không có nhận xét nào :
Đăng nhận xét