Both Google Chrome and Mozilla’s Firefox will stop trusting new digital certificates that of the issued by China Internet Information Center (CNNIC) following last week’s breach that saw unauthorized security certificates for various Google URLs.
In simple terms, CNNIC issued certificates to Egypt –based MCS Holdings in the name of various Google domains, which is eventually was used as a man-in-the-middle attack. It could then be used to intercept data by fooling browsers that they were legitimate security certificates issued to the true domain.
As part of the agreement which all certificate authorities are bound to, they are not permitted to issue a certificates for domains that are not under the control of the requesting party. In essence the should stop anyone from being issued a certificate for a site such as Google.com, unless they own the domain.
This does bring up the issue where users need to ensure they are buying a secure certificate from a legitimate source. Especially with the HTTPS ranking boost, albeit a small one, many website owners are purchasing cheap security certificates without knowing how legitimate the certificate sellers actually are.
CNNIC claims there will be no impact on any of our current customers, however it wouldn’t be surprising to see many websites changing from CNNIC as a result.
While both Google Chrome and Mozilla Firefox state they will no longer trust CNNIC certificates in their browsers, Microsoft is still investigating the possibility.
And it is probably worth double checking to ensure that your certificate does not somehow traced back to CNNIC, but also to just research how legitimate the companies are you purchased certificates from, as this unfortunately probably will not be the last time we hear of some sort of shady certificate shenanigans going on.
Latest posts by Jennifer Slegg (see all)
- Google Sending Manual Actions for Event Markup Spam in Search Results - November 28, 2017
- Google: Why Featured Snippets Rankings are Volatile - November 14, 2017
- Google Home Services Ads Now Local Services Ads; Expanded Categories - November 13, 2017
- Google Adding More Structured Data Search Features to Search Results - November 10, 2017
- Adding Structured Data Helps Google Understand & Rank Webpages Better - November 10, 2017