Users trying to connect to many websites in China through Chrome will soon see a message that the website’s security certificate is not trusted, advising against proceeding.
In a far-reaching response to a recently security breach, Google plans to cease recognizing all web security certificates issued by the China Internet Network Information Center (CNNIC) – which includes many government, banking and ecommerce sites in the country …
It was revealed last week that CNNIC had allowed an Egyptian company, MCS Holdings, to issue digital certificates – which prove a website is genuine – on its behalf. The way this was done allowed other servers to mimic genuine ones, opening up the possibility that traffic to those sites could be intercepted. Several Google domains, including Gmail, were left vulnerable, promoting Google’s decision.
Google has not yet issued the update, stating that it wants to give websites time to obtain replacement digital certificates, but has given no timeframe for this.