Google is working on its own implementation of Chrome's root certificate store for certification authorities (Chrome Root Store). The company plans to use it instead of the cert store included in the operating system. The initiative is reminiscent of Mozilla's approach, who maintains a separate independent root certificate store for Firefox. Firefox uses it to verify the certificate chain of trust when opening sites over HTTPS, using the OS cert store as a fallback option.
The implementation of the new root certificate store is still at the planning stage. In order to perform transition of existing configurations, Chrome's root cert store will include a full collection of all certificates approved on supported platforms. Authorities for enabling the Chrome Root Store will be selected based on publicly available and verified information, such as the CCADB (Common CA Certificate Database) maintained by Mozilla.
Google has already published guidelines for adding new CAs to the Chrome Root Store that were not on the initial list, and has established guidelines for incident response.
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!