Chrome to get its own root certificate store

Google is working on its own implementation of Chrome's root certificate store for certification authorities (Chrome Root Store). The company plans to use it instead of the cert store included in the operating system. The initiative is reminiscent of Mozilla's approach, who maintains a separate independent root certificate store for Firefox. Firefox uses it to verify the certificate chain of trust when opening sites over HTTPS, using the OS cert store as a fallback option.

Google Chrome Banner

The implementation of the new root certificate store is still at the planning stage. In order to perform transition of existing configurations, Chrome's root cert store will include a full collection of all certificates approved on supported platforms. Authorities for enabling the Chrome Root Store will be selected based on publicly available and verified information, such as the CCADB (Common CA Certificate Database) maintained by Mozilla.

Google has already published guidelines for adding new CAs to the Chrome Root Store that were not on the initial list, and has established guidelines for incident response.

Advertisment

Leave a Reply

Your email address will not be published. Required fields are marked *