Home / Early Warning / Cybersecurity Highlights / Unauthorized certificates from CNNIC for Google domains

Unauthorized certificates from CNNIC for Google domains

Google has detected several unauthorized digital certificates issued for Google domains. These certificates were issued by an intermediary authority controlled by MCS Holdings, whose certificate was in turn issued by CNNIC (China Internet Network Information Center). According to statements made by Google and CNNIC, these certificates were used in a controlled environment and installed in man-in-the-middle proxies.

Nevertheless, given that the issuance of these unauthorized certificates implies a violation of good practices for certification, Google, Mozilla and Microsoft have removed from their products the trust in the certificates issued by CNNIC and MCS Holdings. Apple has not yet taken any action in this matter.