Google will no longer recognize security certificates issued by CNNIC. The move comes after CNNIC, China’s domain name registry, issued unauthorized certificates for Google domains. Google says that MCS Holdings, a CNNIC contractor, was the one that issued the certificates.
So, what’s the big deal? Well, MCS Holdings installed the certificate in a firewall with HTTPS traffic inspection capabilities. The device automatically generated certificates for Google-owned domain names while intercepting traffic between Google services and an MCS Holdings computer. Allegedly, the issuance of the certificates was the result of human error. Google became aware of the problem after a feature in Chrome reported it to them.
After investigating the incident, Google decided to remove CNNIC root certificates from its products. But in a statement on its website, Google did note that CNNIC is taking steps to resolve the situation, and commended CNNIC for taking proactive measures.
On the heels of Google’s announcement, news broke that the Mozilla Foundation, the maker of Firefox, reportedly plans to reject any new digital certificates issued by CNNIC. However, any certificates that already exist will continue to be trusted. Mozilla did note that CNNIC violated numerous policies by issuing intermediate certificates to MCS Holdings. The company has yet to announce its final decision.