Repository of Documentation and Certificates

The Google Public Key Infrastructure (“Google PKI”), has been established by Google Trust Services, LLC (“Google”), to enable reliable and secure identity authentication, and to facilitate the preservation of confidentiality and integrity of data in electronic transactions.

CA certificates

Root CAs

Name Public Key Fingerprint (SHA1) Valid Until Links
GTS Root R1 RSA 4096, SHA-384 e1:c9:50:e6:ef:22:f8:4c:56:45:72:8b:92:20:60:d7:d5:a7:a3:e8 Jun 22, 2036 PEM CRL test
GTS Root R2 RSA 4096, SHA-384 d2:73:96:2a:2a:5e:39:9f:73:3f:e1:c7:1e:64:3f:03:38:34:fc:4d Jun 22, 2036 PEM CRL test
GTS Root R3 ECC 384, SHA-384 30:d4:24:6f:07:ff:db:91:89:8a:0b:e9:49:66:11:eb:8c:5e:46:e5 Jun 22, 2036 PEM CRL test
GTS Root R4 ECC 384, SHA-384 2a:1d:60:27:d9:4a:b1:0a:1c:4d:91:5c:cd:33:a0:cb:3e:2d:54:cb Jun 22, 2036 PEM CRL test
GS Root R2 RSA 2048, SHA-1 75:e0:ab:b6:13:85:12:27:1c:04:f8:5f:dd:de:38:e4:b7:24:2e:fe Dec 15, 2021 PEM CRL test
GS Root R4 ECC 256, SHA-256 69:69:56:2e:40:80:f4:24:a1:e7:19:9f:14:ba:f3:ee:58:ab:6a:bb Jan 19, 2038 PEM CRL test

You can test whether your products are compatible with our roots by following the test links for each root.

Subordinate CAs

Name Public Key Fingerprint (SHA1) Valid Until Links
GTSX1 RSA 2048, SHA-256 0f:d1:f2:00:9d:51:01:1d:23:f8:72:96:27:90:d1:c8:23:44:33:6f Jun 22, 2026 PEM CRL
GTSX2 RSA 2048, SHA-256 29:35:6c:48:6b:b0:e2:ec:8a:0f:c9:0b:ed:73:b8:fa:1d:c1:13:df Jun 22, 2026 PEM CRL
GTSX3 RSA 2048, SHA-256 c1:dd:09:28:69:8b:06:c6:fb:1f:7c:db:10:03:d8:7b:51:26:11:ae Jun 22, 2026 PEM CRL
GTSX4 RSA 2048, SHA-256 e0:fb:04:9e:23:c6:59:20:8b:62:33:68:a0:d2:61:e3:9a:42:18:b2 Jun 22, 2026 PEM CRL
GIAG3 RSA 2048, SHA-256 31:36:88:50:36:18:ae:78:17:b5:05:75:c5:a6:26:94:24:f9:ce:6e Dec 15, 2021 PEM CRL

Externally operated subordinate CAs

The following (only non-revoked and non-expired) certificates have a CA listed above as the issuer.

Certificate Fingerprint (SHA1) Links
DER 65:be:10:2b:e2:69:28:65:0e:0e:f5:4d:c8:f4:f1:5a:f5:f9:8e:8b CP/CPS
Audit Statement

Reporting Incidents

If you are looking to report a security incident involving Google certificates, please follow the steps outlined at Google security and product safety.


Contact the Google PKI team at

Audit Reports

WebTrust Trust Services Criteria for CAs seal WebTrust for CAs Baseline Requirements seal