Google blocks all SSL certificates from Chinese certificate authority




Google will block all certificates of CNNIC, the certificate authority of the Chinese government. Thereby Chrome users will soon see a warning if they are sites that use the appropriate certificate authority.

Google has therefore decided after a certificate was abused was released by CNNIC to issue include fake SSL certificates for Google domains. The Egyptian company MCS Holdings used those certificates in equipment that companies used to intercept SSL traffic, for example, employees, but the certificates could be used “in the wild” to intercept traffic to and from Google domains.

CNNIC not only gives certificates for the Chinese government, but also to commercial companies. Therefore are probably tens of thousands or even millions https sites will no longer be provided with a certificate that works in Chrome. Google says therefore to provide a transition period in which CNNIC customers can switch to a different certificate authority, though it is unclear how long that period. CNNIC called Google’s decision in a reaction “unacceptable and unintelligible opposite CNNIC.

It is for the first time since the DigiNotar case that a certificate authority in this manner is eliminated from a major browser. This Dutch company was hacked in 2011, in which the attackers fake SSL certificates generated. Although DigiNotar was aware of the attack, the company said nothing about it, so that the attackers can use their fake certificates undisturbed. Probably the Iranian government was behind the attack; who wished to intercept movement of activists.

Google does not preclude CNNIC certificates will eventually be accepted back into Chrome. Therefore, the certificate authority certificate shall first have to build transparency. With this technique, a third party can verify that a certificate authority issued false certificates. It is unclear when CNNIC who will implement technology.


In: Technology & Gadgets Asked By: [15446 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »