This document is the combined Certificate Policy and Certification Practice Statement for TLS server Certificates ("CP/CPS") of Google Trust Services ("GTS") for the GTS Public Key Infrastructure ("GTS PKI"). It defines a set of business, technical and legal requirements for the issuance and management of publicly-trusted Certificates within the GTS PKI. In addition, it describes the practices GTS has adopted to meet these requirements.
The GTS PKI has been established to enable reliable and secure identity verification, and to facilitate the preservation of confidentiality and integrity of data in electronic transactions. GTS PKI services include, but are not limited to, approving, issuing, managing, using, revoking and renewing publicly-trusted Certificates in a manner consistent with this CP/CPS. The certificates are issued by or on behalf of Google Trust Services Europe Ltd for Subscribers in the EU and by Google Trust Services LLC for all other Subscribers.
GTS conforms to the latest version of the CA/Browser Forum (CABF) Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates (BR) published at https://www.cabforum.org. In the event of any inconsistency between the requirements in this CP/CPS and the CABF Baseline Requirements, the applicable CABF Baseline Requirements take precedence.
GTS requires its affiliated entities, Applicants, Subscribers, and Relying Parties who are involved in issuing and managing digital Certificate within the GTS PKI hierarchy to adhere to this CP/CPS. Other important documents that accompany this CP/CPS include the associated Subscriber and Relying Party Agreements. Further information related to the policies and issuance practices of GTS can be found at https://pki.goog/.
This CP/CPS is structured in accordance with the Internet Engineering Task Force (IETF) standard RFC 3647.
This CP/CPS is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit https://creativecommons.org/licenses/by/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.
This document is the GTS CP/CPS for publicly trusted Certificates. It has been approved for publication by the GTS Policy Authority.
The OID arc for Google Trust Services is {iso(1) iso-identified-organization(3) dod(6) internet(1) private(4) enterprise(1) google(11129) 2(2) 5(5) 3(3)} (1.3.6.1.4.1.11129.2.5.3). See section 7.1.6 for a list of Certificate Policy object identifiers used by GTS.
See Appendix B for a list of revisions to this document.
See definition of "Certification Authority" in Appendix A Definitions.
All certificates in the GTS PKI are issued by GTS.
This CP/CPS applies to all Certificates issued and signed by the following CAs hereinafter referred to as "GTS CAs".
GTS Root R1 (original)
Key: RSA 4096
Serial#: 6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1
SHA256 Fingerprint:
2a:57:54:71:e3:13:40:bc:21:58:1c:bd:2c:f1:3e:15:84:63:20:3e:ce:94:bc:f9:d3:cc:19:6b:f0:9a:54:72
Valid until: Jun 22, 2036
GTS Root R1 (with digitalSignature)
Key: RSA 4096
Serial#: 02:03:e5:93:6f:31:b0:13:49:88:6b:a2:17
SHA256 Fingerprint:
d9:47:43:2a:bd:e7:b7:fa:90:fc:2e:6b:59:10:1b:12:80:e0:e1:c7:e4:e4:0f:a3:c6:88:7f:ff:57:a7:f4:cf
Valid until: Jun 22, 2036
GTS Root R2 (original)
Key: RSA 4096
Serial#: 6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f
SHA256 Fingerprint:
c4:5d:7b:b0:8e:6d:67:e6:2e:42:35:11:0b:56:4e:5f:78:fd:92:ef:05:8c:84:0a:ea:4e:64:55:d7:58:5c:60
Valid until: Jun 22, 2036
GTS Root R2 (with digitalSignature)
Key: RSA 4096
Serial#: 02:03:e5:ae:c5:8d:04:25:1a:ab:11:25:aa
SHA256 Fingerprint:
8d:25:cd:97:22:9d:bf:70:35:6b:da:4e:b3:cc:73:40:31:e2:4c:f0:0f:af:cf:d3:2d:c7:6e:b5:84:1c:7e:a8
Valid until: Jun 22, 2036
GTS Root R3 (original)
Key: ECC 384
Serial#: 6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d
SHA256 Fingerprint:
15:d5:b8:77:46:19:ea:7d:54:ce:1c:a6:d0:b0:c4:03:e0:37:a9:17:f1:31:e8:a0:4e:1e:6b:7a:71:ba:bc:e5
Valid until: Jun 22, 2036
GTS Root R3 (with digitalSignature)
Key: ECC 384
Serial#: 02:03:e5:b8:82:eb:20:f8:25:27:6d:3d:66
SHA256 Fingerprint:
34:d8:a7:3e:e2:08:d9:bc:db:0d:95:65:20:93:4b:4e:40:e6:94:82:59:6e:8b:6f:73:c8:42:6b:01:0a:6f:48
Valid until: Jun 22, 2036
GTS Root R4 (original)
Key: ECC 384
Serial#: 6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99
SHA256 Fingerprint:
71:cc:a5:39:1f:9e:79:4b:04:80:25:30:b3:63:e1:21:da:8a:30:43:bb:26:66:2f:ea:4d:ca:7f:c9:51:a4:bd
Valid until: Jun 22, 2036
GTS Root R4 (with digitalSignature)
Key: ECC 384
Serial#: 02:03:e5:c0:68:ef:63:1a:9c:72:90:50:52
SHA256 Fingerprint:
34:9d:fa:40:58:c5:e2:63:12:3b:39:8a:e7:95:57:3c:4e:13:13:c8:3f:e6:8f:93:55:6c:d5:e8:03:1b:3c:7d
Valid until: Jun 22, 2036
GlobalSign R4 (original)
Key: ECC 256
Serial#: 2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02
SHA256 Fingerprint:
be:c9:49:11:c2:95:56:76:db:6c:0a:55:09:86:d7:6e:3b:a0:05:66:7c:44:2c:97:62:b4:fb:b7:73:de:22:8c
Valid until: Jan 19, 2038
GlobalSign R4 (with digitalSignature)
Key: ECC 256
Serial#: 02:03:e5:7e:f5:3f:93:fd:a5:09:21:b2:a6
SHA256 Fingerprint:
b0:85:d7:0b:96:4f:19:1a:73:e4:af:0d:54:ae:7a:0e:07:aa:fd:af:9b:71:dd:08:62:13:8a:b7:32:5a:24:a2
Valid until: Jan 19, 2038
Prior to August 11, 2016, GTS Root R1, GTS Root R2, GTS Root R3, GTS Root R4, and GlobalSign R2 and R4 were operated by GMO GlobalSign, Inc. according to GMO GlobalSign, Inc.'s Certificate Policy and Certification Practice Statement. Between August 11, 2016 and December 8, 2016, Google Inc. operated these Roots according to Google Inc.'s Certification Practice Statement. As of December 9, 2016, Google Trust Services LLC operates these Roots under this CP/CPS.
The CA Certificates of the above listed CAs can be retrieved at https://pki.goog/repository/.
GTS Root R1
Key: RSA 4096
Serial#: 77:bd:0d:6c:db:36:f9:1a:ea:21:0f:c4:f0:58:d3:0d
SHA256 Fingerprint:
3e:e0:27:8d:f7:1f:a3:c1:25:c4:cd:48:7f:01:d7:74:69:4e:6f:c5:7e:0c:d9:4c:24:ef:d7:69:13:39:18:e5
Valid until: Jan 28, 2028
GTS Root R4
Key: ECC 384
Serial#: 7f:e5:30:bf:33:13:43:be:dd:82:16:10:49:3d:8a:1b
SHA256 Fingerprint:
76:b2:7b:80:a5:80:27:dc:3c:f1:da:68:da:c1:70:10:ed:93:99:7d:0b:60:3e:2f:ad:be:85:01:24:93:b5:a7
Valid until: Jan 28, 2028
The CA Certificates of the above listed CAs can be retrieved at https://pki.goog/repository/.
AE1
Key: ECC 256
Serial#: 7f:f4:e5:ce:36:a6:a1:fa:5e:e1:91:6c:08:d3:9b:7c
SHA256 Fingerprint:
81:2c:21:2e:9e:45:dc:50:05:c7:f4:74:11:18:3f:5f:b2:ff:1b:ae:e1:84:d3:35:4b:2e:93:d7:8c:28:01:64
Valid until: Feb 20, 2029
WE1 (Issued by GTS Root R4)
Key: ECC 256
Serial#: 7f:f3:19:77:97:2c:22:4a:76:15:5d:13:b6:d6:85:e3
SHA256 Fingerprint:
1d:fc:16:05:fb:ad:35:8d:8b:c8:44:f7:6d:15:20:3f:ac:9c:a5:c1:a7:9f:d4:85:7f:fa:f2:86:4f:be:bf:96
Valid until: Feb 20, 2029
WE1 (Issued by Globalsign R4)
Key: ECC 256
Serial#: 7f:f3:57:68:9b:c2:4e:30:2d:90:e1:8a:41:bd:0e:1f
SHA256 Fingerprint:
a2:87:ff:ab:76:2c:c6:9a:26:d4:82:03:7e:df:70:1f:65:3c:e8:99:02:5c:62:a7:e5:cb:88:bb:9b:41:9c:bb
Valid until: Feb 20, 2029
WE2 (Issued by GTS Root R4)
Key: ECC 256
Serial#: 7f:f3:2d:6b:40:9d:15:d5:96:5b:05:87:3a:7c:72:e0
SHA256 Fingerprint:
9c:3f:2f:d1:1c:57:d7:c6:49:ad:5a:09:32:c0:f0:d2:97:56:f6:a0:a1:c7:4c:43:e1:e8:9a:62:d6:4c:d3:20
Valid until: Feb 20, 2029
WE2 (Issued by Globalsign R4)
Key: ECC 256
Serial#: 7f:f3:57:7f:f6:3c:7c:a3:7e:06:42:f8:c8:b8:62:90
SHA256 Fingerprint:
54:f8:ca:85:8b:cc:75:91:f2:8d:8d:c3:77:2e:9b:c5:81:71:7f:3a:23:a2:88:bf:d4:05:93:9c:36:20:8d:e5
Valid until: Feb 20, 2029
WE3 (Issued by GTS Root R4)
Key: ECC 256
Serial#: 7f:f3:2d:6d:bd:5e:dd:54:ca:4e:4b:67:95:72:91:43
SHA256 Fingerprint:
9f:81:9a:4c:87:6e:12:dc:84:e6:fe:0e:37:c1:a6:9b:13:70:94:b4:53:fa:98:44:93:98:f4:b7:1f:4d:00:92
Valid until: Feb 20, 2029
WE3 (Issued by Globalsign R4)
Key: ECC 256
Serial#: 7f:f3:57:91:0f:07:e1:92:9f:3d:00:84:ae:f1:98:c7
SHA256 Fingerprint:
54:c6:60:da:29:d7:5f:c8:1f:07:ad:6d:c8:bb:7a:ee:22:58:e0:71:e8:b1:07:75:44:fa:56:22:ff:44:c9:9d
Valid until: Feb 20, 2029
WE4 (Issued by GTS Root R4)
Key: ECC 256
Serial#: 7f:f3:2d:70:bb:d1:a7:30:9b:57:32:50:0a:c9:9a:ae
SHA256 Fingerprint:
d0:c9:7e:56:c7:b0:ba:81:2d:94:4a:d7:71:f7:79:9b:5d:41:44:a2:32:7a:4e:41:65:54:f7:ee:2a:a0:ae:ae
Valid until: Feb 20, 2029
WE4 (Issued by Globalsign R4)
Key: ECC 256
Serial#: 7f:f3:57:a2:dc:fa:89:35:b3:23:62:f6:15:23:b3:a7
SHA256 Fingerprint:
9d:5e:86:90:6a:16:80:a8:6b:e2:78:cf:76:e3:d2:b6:2b:77:51:86:10:14:61:d3:03:ce:e9:10:d9:4c:e1:3a
Valid until: Feb 20, 2029
WE5
Key: ECC 256
Serial#: 7f:f4:e5:cb:ec:d9:81:f2:ad:fa:08:91:3c:ef:ab:14
SHA256 Fingerprint:
84:74:09:e6:35:26:f1:62:75:3a:c4:9f:75:21:8e:fa:af:a7:d5:c9:4a:de:90:95:ce:72:e7:f6:b6:e3:ac:99
Valid until: Feb 20, 2029
WR1
Key: RSA 2048
Serial#: 7f:d9:e2:c2:d2:04:8a:04:74:b6:27:a2:6d:08:68:a7
SHA256 Fingerprint:
b1:0b:6f:00:e6:09:50:9e:87:00:f6:d3:46:87:a2:bf:ce:38:ea:05:a8:fd:f1:cd:c4:0c:3a:2a:0d:0d:0e:45
Valid until: Feb 20, 2029
WR2
Key: RSA 2048
Serial#: 7f:f0:05:a0:7c:4c:de:d1:00:ad:9d:66:a5:10:7b:98
SHA256 Fingerprint:
e6:fe:22:bf:45:e4:f0:d3:b8:5c:59:e0:2c:0f:49:54:18:e1:eb:8d:32:10:f7:88:d4:8c:d5:e1:cb:54:7c:d4
Valid until: Feb 20, 2029
WR3
Key: RSA 2048
Serial#: 7f:f0:05:a9:15:68:d6:3a:bc:22:86:16:84:aa:4b:5a
SHA256 Fingerprint:
2f:e3:57:db:13:75:1f:f9:16:0e:87:35:49:75:b3:40:74:98:f4:1c:9b:d1:6a:48:65:78:66:e6:e5:a9:b4:c7
Valid until: Feb 20, 2029
WR4
Key: RSA 2048
Serial#: 7f:f0:05:b4:da:75:b8:6a:5a:c6:1f:e4:30:77:13:cd
SHA256 Fingerprint:
dc:94:16:c2:f8:55:12:6d:6d:e9:77:67:75:38:f2:f9:67:ff:49:98:e9:0d:fa:43:5a:17:21:9b:e0:77:fc:06
Valid until: Feb 20, 2029
WR5
Key: RSA 2048
Serial#: 7f:f4:e5:c9:14:96:b0:f2:a1:89:05:ed:50:1e:62:a3
SHA256 Fingerprint:
ae:0f:c8:52:28:0f:1b:87:ce:da:f7:3c:fb:84:cf:10:6e:fe:c8:8e:82:94:25:3a:f3:52:ed:40:34:46:0d:7b
Valid until: Feb 20, 2029
The CA Certificates of the above listed CAs can be retrieved at https://pki.goog/repository/.
The following (only non-revoked and non-expired) externally operated subordinate CAs have a GTS CA listed as the issuer of their CA Certificate.
GTS LTSR
Key: ECC 256
Serial#: 01:f0:f7:9d:59:dd:6e:50:f7:42:73:71:50
SHA256 Fingerprint:
0a:76:f5:0a:e4:7b:05:d9:a8:59:54:a1:de:9b:c0:b9:36:bc:d2:12:91:1b:cb:fa:65:00:30:07:2d:17:d9:46
Valid until: Nov 01, 2042
GTS LTSX
Key: ECC 256
Serial#: 01:f4:0a:99:c9:b7:a8:55:70:4f:4f:b7:9d
SHA256 Fingerprint:
35:47:74:27:62:e6:44:74:71:0b:df:d1:49:95:dc:8a:3f:68:18:ba:7f:18:4e:93:75:9c:c7:e3:50:8f:be:15
Valid until: Apr 01, 2029
LTS32
Key: ECC 256
Serial#: 7f:da:0c:03:0c:f3:55:04:0f:25:52:cd:c6:64:25:6c
SHA256 Fingerprint:
dd:d7:0c:49:a4:12:9e:b1:4f:1c:17:64:8d:ed:ca:d5:e3:14:3a:9f:a9:f7:b4:6f:b2:3e:68:d1:67:af:81:e6
Valid until: Dec 31, 2032
See definition of "Registration Authority" in Appendix A Definitions.
All RA functions for the GTS CAs listed in this CP/CPS are performed by GTS or are within the scope of GTS's WebTrust audit.
See definition of "Subscriber" in Appendix A Definitions.
All Subscribers are required to enter into the Subscriber Agreement available in the repository at https://pki.goog/repository.
See definition of "Relying Party" in Appendix A Definitions.
Third-party CAs who cross-sign root or subordinate CAs for the GTS PKI.
Appropriate Certificate uses under this CP/CPS are all uses for the purpose of authentication using digital signatures, encryption and access control which are consistent with the key usage extension fields of the respective Certificate and are not in violation of this CP/CPS, applicable law, or any agreement made between the Subscriber and GTS.
Certificates are not proof of the trustworthiness or honesty of the Subscriber nor do they indicate the Subscriber's compliance with any law. By issuing a certificate GTS merely confirms that it has used reasonable means to verify the information in the certificate before it was issued.
Certificates issued under this CP/CPS are not intended and may not be used for any application requiring fail-safe performance such as (a) the operation of nuclear power facilities, (b) air traffic control systems, (c) aircraft navigation systems, (d) weapons control systems, or (e) any other system whose failure could lead to injury, death or environmental damage.
GTS Certificates may not be used for man-in-the middle purposes or where their usage is prohibited by law.
The GTS CA Policy Authority is responsible for the drafting, maintenance, and interpretation of this CP/CPS.
Google Trust Services LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043
USA
Google Trust Services Europe Ltd
70 SIR JOHN ROGERSON'S QUAY
DUBLIN, D02R296
Ireland
Subscribers, Relying Parties, Application Software Suppliers, and other third parties may contact us concerning service outages, security issues or any other matter related to Certificates by using the contact form at https://pki.goog/contact/.
Certificate Problem Reports and other requests for Certificate revocation e.g. due to suspected Private Key compromises, Certificate misuse, or other types of fraud, compromise, misuse or inappropriate conduct must be submitted following the process and instructions described in Section 4.9.3 of this CP/CPS.
The GTS CA Policy Authority determines the suitability and applicability of this CP/CPS.
GTS may modify this CP/CPS at any time by posting a revised version in the Repository (https://pki.goog/repository/). New CP/CPS versions are approved by the GTS CA Policy Authority and become effective upon posting.
See Appendix A.
See Appendix A.
See Appendix A.
By convention, this CP/CPS omits time and timezones when listing effective requirements such as dates. Except when explicitly specified, the associated time with a date shall be 00:00:00 UTC.
GTS maintains a Repository on its website at https://pki.goog/repository/ which comprises:
GTS CA Certificates and Subscriber Certificates contain URLs to locations where Certificate-related information is published.
When applicable, GTS makes the CRLs and OCSP services for its CAs publicly available online and reachable 24 hours a day, 7 days a week. Revocation services are designed to minimize downtime. CRLs signed by intermediate CAs are provided in a partitioned format to maintain a maximum CRL shard size of ~10MB for all CRLs.
This CP/CPS is available in the repository at https://pki.goog/repository.
Web pages for Application Software Suppliers to test their software with Subscriber Certificates that chain up to each publicly trusted Root Certificate are listed at https://pki.goog/repository/.
CA Certificates are published as soon as possible prior to their usage for issuing to Subscribers. This typically means within seven (7) days of creation.
Updates to this CP/CPS, the Subscriber Agreement and the Relying Party Agreement located at https://pki.goog/repository/ are published as soon as possible. This typically means within seven (7) days of receipt or approval. GTS reviews and updates this CP/CPS at least once every 365 days.
CRLs are published in accordance with Section 4.9.7. OCSP response updates are published in accordance with Section 4.9.9.
The Repository is publicly available. GTS operates physical and logical security controls to protect the Repository from unauthorized modification or deletion.
See Section 7.1 for the types of names which may appear in GTS Certificates.
No stipulation.
Subscribers are not permitted to include pseudonyms in the subject information of their Certificate applications.
GTS may issue Certificates for Internationalized Domain Names (IDNs). GTS may perform checks to detect the use of IDNs in homoglyph impersonation attacks.
GTS does not make any assertions about the reliability or validity of website content.
No stipulation.
Applicants are prohibited from requesting certificates that contain content that infringes on the intellectual property and commercial rights of others. GTS does not determine whether Applicants have intellectual property rights in the name used in a Certificate Application nor does GTS resolve any dispute concerning the ownership of a domain name or trademark. GTS may reject any Certificate Application and revoke any Certificate because of such a dispute.
Applicants must prove ownership of a private key by providing a PKCS #10 compliant Certificate Signing Request, or a cryptographically equivalent proof.
If the countryName attribute of the subject is present, then GTS verifies the country associated with the Subject using at least one of the following:
Prior to issuing a subscriber Certificate, GTS validates that the Applicant has control using the following approved methods as defined in the BR at the time of validation:
In addition, GTS may supplement its validation procedure with checks against internal data sources.
GTS does not issue Certificates for FQDNs that contain "onion" as the rightmost Domain Label.
Not applicable. GTS does not issue individually validated certificates to natural persons.
Not applicable. GTS does not include unverified subject information in Certificates.
GTS uses a reliable method of communication with the Applicant or its representative.
The authority of Applicants to request Certificates on behalf of an organization is verified during the validation of the Applicant's identity.
GTS does not issue Organization Validated (OV) subscriber certificates for TLS.
All Cross-Certified Subordinate CA Certificates that identify a GTS CA as the Subject are listed in the Repository, provided that GTS has arranged for or accepted the establishment of the trust relationship.
See Section 4.7.
See Section 4.7.
Identification & authentication for revocation requests are detailed under Section 4.9 of this document.
Identification and authentication procedures are not required in cases where the revocation request is made by GTS or where the request is made by reference to a revocation reason that is independent of the requestor's identity.
Certificate applications can be submitted through the GTS ACME API or through products and services that integrate with the GTS ACME API and offer certificate request or management functions.
In accordance with Section 5.5.2, GTS maintains an internal database of all previously revoked Certificates and previously rejected Certificate requests due to suspected phishing or other fraudulent usage or concerns. GTS uses this information to identify subsequent suspicious Certificate requests.
Applicants can enroll by registering an ACME account using the GTS ACME API.
To obtain a Certificate, applicants must submit a certificate application containing the information below. For most Certificates, this application consists of the Applicant's ACME Certificate request.
By executing the Subscriber Agreement, the Applicant warrants that the information included in the Certificate request is correct.
GTS performs the applicable Certificate validation procedures and verifies the completeness, accuracy and authenticity of the information provided by the Applicant prior to issuing a Certificate. The procedures include:
GTS performs identification and authentication functions during the certificate application process.
Certificate applications are not approved unless GTS has obtained all necessary information as specified in Section 4.1.2. If missing information cannot be readily obtained from a trusted internal data source, GTS may ask the Applicant to provide the required information in an alternative form.
Completed validations and supporting evidence may be re-used for up to 398 days prior to issuing the Certificate.
GTS maintains procedures to identify high risk Certificate requests that require additional verification activity prior to their approval. This includes maintaining an internal database of all Certificates that have previously been revoked and all Certificate requests that have been rejected by GTS. This information is used during identification and authentication to identify suspicious Certificate requests.
GTS checks for CAA records for each dNSName in the subjectAltName extension of the Certificate to be issued and follows the processing instructions as specified in RFC 8659 and Section 3.2.2.8 of the TLS BRs. GTS acts in accordance with CAA records if present.
The following Issuer Domain Name in CAA "issue" or "issuewild" records permits GTS to issue:
If GTS issues a certificate, it does so within the TTL of the CAA record, or 8 hours, whichever is greater.
A Certificate is not issued if an unrecognized property has the critical flag set.
GTS may decide not to check for a CAA record for certificates for which a Certificate Transparency precertificate was created and logged in at least two public logs, and for which CAA was checked.
Lookup failures during CAA checking are not considered permission to issue.
GTS may decide to check for the existence of specific CAA parameters depending on the policy of the certificate that will be issued.
GTS may choose to limit issuance according to RFC 8657.
GTS may elect not to issue any certificate at its discretion.
GTS only accepts Certificate applications for which all required subscriber information has been provided and validated. All other applications are rejected.
Certificate applications that contain a new gTLD are not approved while the gTLD is still under consideration by ICANN.
Applications for subordinate CAs are not approved unless the CA in question will be operated by GTS or an Affiliate and will be governed by this CP/CPS.
GTS does not issue Certificates for internal names or reserved IP addresses.
No stipulation.
Certificate issuance from a Root CA requires at least two authorized individuals one of whom deliberately issues a direct command in order to perform the signing operation.
Subscriber leaf certificates are processed in an automated fashion using the ACME standard.
Prior to signing a Certificate, GTS performs conformance linting using appropriate tooling. Linting is done over the precertificate and the issued Certificate. If linting reports a nonconformity, a report is generated and issuance is halted.
GTS uses Linting tools that have been widely adopted by the industry - https://cabforum.org/resources/tools/.
The issued Certificate is delivered via ACME as soon as possible.
The Subscriber indicates acceptance of a certificate by downloading it from the ACME provided location.
By accepting a certificate, the Subscriber agrees to be bound by the continuing responsibilities, obligations and duties imposed by the Subscriber Agreement and this CP/CPS.
All Subscriber certificates are made available to Subscribers via ACME. They are also submitted to Certificate Transparency logs following typical root program requirements.
GTS does not guarantee issuance of a final certificate for every precertificate.
See Section 4.4.2 above.
No stipulation.
No stipulation.
Certificate renewal is the process whereby a new certificate with an updated validity period is created for an existing Key Pair.
GTS does not offer Certificate renewal. To obtain a new certificate after a GTS issued Certificate has expired, the Applicant is asked to generate a new Key Pair and request a new certificate in accordance with this CP/CPS.
Not applicable. See Section 4.6.1.
Not applicable. See Section 4.6.1.
Not applicable. See Section 4.6.1.
Not applicable. See Section 4.6.1.
Not applicable. See Section 4.6.1.
Not applicable. See Section 4.6.1.
GTS treats Certificate re-key requests as requests for the issuance of a new Certificate.
Not applicable. See Section 4.7.1.
Not applicable. See Section 4.7.1.
Not applicable. See Section 4.7.1.
Not applicable. See Section 4.7.1.
Not applicable. See Section 4.7.1.
Not applicable. See Section 4.7.1.
GTS does not modify previously issued subscriber Certificates. Any request for Certificate modification will be treated as a request for the issuance of a new certificate.
Not applicable. See Section 4.8.
Not applicable. See Section 4.8.
Not applicable. See Section 4.8.
Not applicable. See Section 4.8.
Not applicable. See Section 4.8.
Not applicable. See Section 4.8.
Not applicable. See Section 4.8.
GTS supports Certificate revocation. Certificate suspension is not supported.
Certificates are revoked by adding their serial number to the appropriate CRL. If the revoked certificates reference an OCSP URL, their status is also set to revoked by the OCSP responder.
To optimise CRL service performance, GTS uses partitioned CRLs and includes appropriate CRL Distribution Point into the respective certificate.
Certificates that have expired are not revoked.
GTS follows Sections 4.9.1.1 and 4.9.1.2 of the CABF TLS Baseline Requirements when revoking certificates.
Certificate revocation can be requested by:
GTS maintains capabilities to receive Certificate revocation requests 24/7.
Revocation requests can be made over the ACME API in the following cases:
Revocation requests made by the Subscriber must be submitted using the appropriate GTS ACME API.
All other revocation requests must be submitted in English using the contact form available at http://pki.goog/.
Information on how to select revocation reason codes is provided in Section 4.9.1.1 of the CABF TLS Baseline Requirements.
The revocationDate field of a CRL may be backdated to enter keyCompromise as the CRLReason in the reasonCode extension. In these cases, the revocationDate field is set to the date when the certificate is first considered to be compromised.
Where deemed appropriate, GTS may also forward the case to law enforcement.
GTS does not typically grant revocation grace periods. Only in exceptional circumstances will a grace period be considered.
Within 24 hours after receiving a Certificate Problem Report, GTS will investigate the facts and circumstances related to a Certificate Problem Report and provide a preliminary report on its findings to both the Subscriber and the entity who filed the Certificate Problem Report.
If revocation is needed, it is done following the CABF TLS Baseline Requirements Sections 4.9.1.1 and 4.9.1.2.
Relying Parties are encouraged to confirm the validity of each Certificate in the certificate chain by checking the applicable CRL and/or OCSP responder before relying on a GTS Certificate.
GTS updates and issues new CRLs as specified by the CABF TLS Baseline Requirements.
No stipulation.
GTS may provide revocation information via OCSP for active certificates. At its discretion, GTS may not provide OCSP when it is not required.
No stipulation.
Not applicable. GTS does not provide other forms of revocation advertisements.
In case of a compromise of the Subscriber's Private Key, the Subscriber must immediately notify GTS of the Private Key compromise event. GTS will revoke the concerned certificate, and publish a CRL to inform Relying Parties that the certificate can no longer be trusted.
The Subscriber is responsible for investigating the circumstances of any such compromise.
The acceptable methods that can be used by third parties as proof of key compromise are the following:
Not applicable. GTS does not suspend Certificates.
Not applicable. GTS does not suspend Certificates.
Not applicable. GTS does not suspend Certificates.
Not applicable. GTS does not suspend Certificates.
Revocation entries on a CRL or OCSP responses are not removed until after the expiry date of the revoked certificate.
GTS operates and maintains its CRL and OCSP services (when applicable) with resources sufficient to provide a response time of ten seconds or less under normal operating conditions.
Certificate status services are available 24x7, unless temporarily unavailable due to maintenance or service failure. Additionally, GTS maintains 24x7 ability to respond to valid Certificate Problem Reports.
No stipulation.
A subscriber's subscription ends when its certificate expires or when the Certificate is revoked. A subscription also ends when the applicable Subscriber Agreement expires and is not renewed.
Not applicable. GTS does not escrow Private Keys.
Not applicable. GTS does not support session key encapsulation or recovery.
The GTS CA infrastructure is located in and operated from secure GTS facilities. Detailed security procedures are in place and followed that prohibit unauthorized access and entry into the areas of the facilities in which CA systems reside.
GTS CA systems are located in a selected set of locations which have been evaluated for their physical security, as well as local legal considerations that may affect CA operations.
All CA systems are operated from buildings which are solidly constructed to prevent unauthorized entry.
GTS has implemented appropriate physical security controls to restrict access to all hardware used for providing CA Services. Access to such hardware is limited to those personnel performing in a trusted role as described in Section 5.2.1. Access is controlled through the use of electronic access controls, mechanical combination lock sets, deadbolts, or other security mechanisms. Such access controls are manually or electronically monitored for unauthorized intrusion at all times. Only authorized personnel are allowed access, either physical or logical, to GTS systems.
GTS enforces two-person access for all physical access to CA systems.
The GTS CA servers are located inside of a locked server room. Access to the server room is controlled by badge readers with time-bound clearances, only granting entry to specific individuals during designated time frames. The private keys for the CAs are stored in hardware security modules (HSMs) that are validated to FIPS 140-2 Level 3 or higher and that are physically tamper-evident and tamper-resistant.
GTS CA facilities are connected to a UPS system and emergency power generator. They are equipped with cooling systems to ensure reliable operations.
All GTS CA facilities are equipped with controls to protect CA systems from damage resulting from water leakage.
All GTS CA facilities are equipped with fire detection alarms and protection equipment.
No stipulation.
GTS takes reasonable steps to ensure that all media used for the storage of information such as keys, activation data or its files are sanitized or destroyed before they are released for disposal.
GTS maintains multiple facilities for its CA infrastructure which also hold copies of the CA private keys for redundancy. All facilities have security controls which are equivalent across locations.
All personnel who have access to or control over cryptographic operations of a GTS CA that affect the issuance, use, and management of Certificates are considered as serving in a trusted role ("Trusted Role"). Such personnel include, but are not limited to, members of Google's Information Security Team.
CA Private Keys can only be backed up, stored, and recovered by personnel in trusted roles using, at least, dual control in a physically secured environment.
All personnel are vetted prior to appointing them to a Trusted Role and anyone performing in a Trusted Role must authenticate themselves before accessing CA systems or confidential information.
Audits of GTS infrastructure and Certificate issuance are performed by individuals who are independent from operators who approve Certificate issuance.
To review their conformance with applicable policies and other requirements, GTS CAs undergo annual audits performed by a Qualified Auditor.
GTS has implemented policies to verify the identity and trustworthiness of its personnel. Furthermore, GTS evaluates the performance of its CA personnel to ensure that they perform their duties in a satisfactory manner.
GTS follows formal processes for selecting personnel and for performing background checks on individuals who operate GTS CAs.
All personnel who perform information verification duties receive skills-training that covers basic Public Key Infrastructure knowledge, identification and authentication procedures (including this CP/CPS), common threats to the information verification process including phishing and other social engineering attacks.
The skills-training is provided before personnel commence their role and GTS requires them to pass an examination. GTS maintains records of these trainings and ensures that personnel maintain an appropriate skill level.
GTS requires personnel in Trusted Roles to maintain skill levels consistent with formal training and performance management requirements and to undergo re-training at least annually.
No stipulation.
GTS takes appropriate action to protect the security of its CAs. Where appropriate, this can include the suspension and termination of employees in Trusted Roles if they performed unauthorized acts, abused their authority or otherwise failed to comply with GTS policy.
Independent contractors must meet the same training requirements as GTS employees working in the same role. Identification and authentication functions are not performed by independent contractors.
Training and documentation is provided to GTS employees as necessary for them to perform competently in their job role.
Audit logs are generated for all events related to the security (physical and logical) and services of the CA. Logs are automatically generated whenever possible. Where this is not possible, manual logging and record keeping methods may be used. All security audit logs, both electronic and non-electronic, are retained and made available during compliance audits.
At a minimum, each audit record includes:
Audit logs are reviewed on an as-needed basis.
Audit logs are retained for at least the period required by Section 5.4.3 of the CABF TLS Baseline Requirements.
Multiple copies of audit logs are stored in different locations and protected by appropriate physical and logical access controls.
GTS maintains formal procedures to ensure that audit logs are backed up and retained to keep them available as necessary for the CA service and as stipulated by applicable requirements.
No stipulation.
No stipulation.
System vulnerabilities are managed in accordance with a formal process that addresses the identification, review, response, and remediation of vulnerabilities.
Additionally, GTS performs vulnerability assessments on an annual basis and after significant infrastructure or software changes.
On an annual basis, GTS performs a Risk Assessment that:
System vulnerabilities are managed in accordance with a formal process that addresses the identification, review, response, and remediation of vulnerabilities.
Additionally, GTS performs a Vulnerability Scan on public and private IP addresses belonging to the Certificate Systems on the following occasions:
GTS performs a comprehensive security review on its Certificate Systems at least once per year. Security reviews are iterative in nature and may include Code Review, Architecture Review, Configuration Review, Threat Modeling, and Penetration Testing depending on what changes occur between reviews.
GTS may perform additional reviews after infrastructure or application upgrades or modifications that it determines are significant.
Records to be archived are those specified in Section 5.4.1.
Archived records are retained for at least the period required by Section 5.5.2 of the CABF TLS Baseline Requirements.
Key generation ceremony scripts and associated records are retained at least for the lifetime of the generated key pairs.
GTS may archive log data and documentation for longer e.g. if it is necessary for security or audit reasons or if it is required by law.
Archived information is stored at multiple physical locations to protect it from loss.
Backup and recovery procedures exist to ensure that archived information can be restored if it has been lost or destroyed in one storage location.
Archived records such as log files are time-stamped by the CA systems which generate them. Time-stamps need not be cryptography-based.
No stipulation.
No stipulation.
The procedure for providing a new CA Certificate to a Subject following a re-key is the same as the procedure for initially providing the CA Certificate.
The GTS CA infrastructure is operated from redundant production sites. If a disaster causes an outage at one site, the CA service can be provided from an alternate location.
GTS maintains an incident response plan and a disaster recovery plan, which set out the procedures necessary to ensure business continuity, to notify affected stakeholders, and to reasonably protect Application Software Suppliers, Subscribers, and Relying Parties in the event of a disaster, security compromise, or business failure. GTS annually tests, reviews, and updates its business continuity plan and its security plans and makes them available to its Qualified Auditor upon request.
Redundant CA sites are physically separated. If software or data at one site is corrupted, it can be restored from an alternate site via a secure connection.
Backups of all relevant software and data are made on a regular basis. They are stored off-site and can be retrieved electronically when necessary.
In the event that the Private Key of a GTS CA is compromised, GTS will:
Once the compromised key material has been replaced and a secure operation of the CA in question has been established, GTS may re-issue the revoked certificates following the procedure for initially providing the certificates.
GTS employs and contracts security personnel who will use all reasonable means to monitor the CA facility after a natural or other type of disaster so as to protect sensitive materials and information against loss, additional damage, and theft.
To confirm that it possesses appropriate disaster recovery capabilities, GTS performs periodic tests of its business continuity and disaster recovery plans.
When it is necessary to terminate operation a GTS CA, the impact of the termination is minimized as much as possible in light of the prevailing circumstances. This includes:
If commercially reasonable, prior notice of the termination of a GTS CA will be given at least 3 months before the termination date.
Key pairs for GTS CAs are generated on hardware security modules that meet the requirements of section 6.2.1. They are generated during a ceremony that meets the requirements of this CP/CPS.
Subscriber key pairs are generated by the Subscriber.
GTS never generates or has access to Subscriber Private Keys.
Subscribers may provide their Public Key to GTS for certification via ACME.
The Public Keys of GTS CAs are made available from the online Repository at https://pki.goog/repository/. Additionally, the Public Keys of GTS root CAs are delivered through their inclusion into the root stores of software, operating systems, and equipment manufacturers.
GTS Root CA key pairs are either RSA keys whose encoded modulus size is 4096 bits, or ECDSA keys which are a valid point on the NIST P-384 or P-256 elliptic curve.
GTS Subordinate CA key pairs are either RSA keys whose encoded modulus size is 2048 bits, or ECDSA keys which are a valid point on the NIST P-384 or P-256 elliptic curve.
The following algorithms and key lengths are permissible for subscriber certificates:
| Type | Permissible values |
|---|---|
| RSA | 2048, 3072, 4096 |
| ECDSA | NIST P-256, P-384 |
The following additional requirements apply to RSA keys:
The validity of all ECDSA keys is confirmed using either the ECC Full Public Key Validation Routine or the ECC Partial Public Key Validation Routine.
See Section 7, Certificate Profiles.
GTS implements physical and logical safeguards to prevent unauthorized Certificate issuance. Protection of the Private Key outside the validated system or device specified in Section 6.2.7 consists of physical security, encryption, or a combination of both, implemented in a manner that prevents disclosure of the Private Key.
GTS encrypts its Private Keys with an algorithm and key-length that, according to the state of the art, are capable of withstanding cryptanalytic attacks for the residual life of the encrypted key or key part.
All CA Private Keys used to sign certificates, CRLs, or any related information leverage hardware security modules meeting FIPS 140-2 Level 3 or higher or Common Criteria EAL4+ security specifications. Cryptography leveraged to protect this information is selected to withstand cryptanalytic attacks for the lifetime of the encrypted key.
CA Private Keys are kept in a physically secure location, and are never stored unencrypted outside of hardware security modules.
All access to GTS Private Keys requires multiple persons performing in Trusted Roles, for both physical and logical access. This is true for all copies of Private Keys, including backups.
The Private Keys of GTS CAs are not escrowed.
Backups of CA Private Keys are stored in a secure manner in accordance with applicable GTS policy.
Private Keys belonging to GTS CAs are not archived by parties other than GTS.
Private Keys generated on behalf of a Subordinate CA are encrypted for transport to the Subordinate CA.
All transfers of Private Keys into or from a cryptographic module are performed in accordance with the procedures specified by the vendor of the relevant cryptographic module.
See 6.2.1
Private Keys are activated in accordance with applicable instructions specified by the cryptographic module manufacturer
Private Keys are deactivated in accordance with applicable instructions specified by the cryptographic module manufacturer.
Private Keys are destroyed in accordance with applicable instructions specified by the cryptographic module manufacturer. In addition GTS policy on destruction of highly confidential information is followed.
See Section 6.2.1.
No stipulation.
Certificates are valid from the moment of signing, unless otherwise specified in the Certificate validity structure, until the Certificate expiration time.
Leaf Certificates are issued for a period of 93 days or less. SXG subscriber certificates are issued for a period of 48 days or less. A day is measured as 86,400 seconds.
Activation data used to activate GTS CA Private Keys is generated during a key ceremony as described in section 6.1.1. The activation data is transferred to a person performing in a trusted role to use it or store it. The delivery method maintains the confidentiality and the integrity of the activation data.
GTS CA activation data is protected from unauthorized disclosure via both logical and physical access control mechanisms.
No stipulation.
GTS CA system information is protected from unauthorized access through a combination of operating system controls, physical controls and network security controls. Network security controls are specified in Section 6.7.
CA systems enforce multi-factor authentication for all accounts capable of directly causing Certificate issuance.
No stipulation.
GTS uses software that has been formally tested for suitability and fitness for purpose. Hardware is procured through a managed process leveraging industry-standard vendors.
GTS performs linting multiple times throughout the Certificate issuance process.
If there are errors discovered by a lint or check at any point during the issuance process. GTS is alerted and performs an investigation to determine what action needs to be taken.
GTS may perform linting on the corpus of its unexpired, unrevoked Subscriber certificates whenever it updates the linting software.
Google has established an information security organization which implements and operates a framework of internal controls that comprises technical, organizational, and procedural measures. GTS follows applicable Google frameworks and controls.
System access is managed on an individual basis and at several levels including the assignment of operating system privileges to the user accounts of individuals performing in Trusted Roles.
GTS's certificate systems are protected by Google's security infrastructure and a GTS specific set of controls that implement the CA/Browser Forum's Network and Certificate System Security Requirements.
These controls include:
All logs contain synchronized time stamps.
Certificates conform to RFC 5280, Internet X.509 Public Key Infrastructure Certificate and CRL Profile. Certificate extensions and their criticality, as well as cryptographic algorithm object identifiers, are populated according to the IETF RFC 5280 standard. Moreover, GTS meets the technical requirements set forth in Section 2.2, Section 6.1.5, and Section 6.1.6.
Where stipulations of RFC 5280 are in conflict with applicable requirements of the CA/Browser Forum, the CA/Browser Forum requirements are followed.
Certificates are of type X.509 v3.
This section specifies the additional requirements for certificate content and extensions for certificates.
All certificates GTS issues comply with one of the following certificate profiles derived from RFC 5280. Except as explicitly noted, all normative requirements imposed by RFC 5280 shall apply, in addition to the normative requirements imposed by this document. See RFC 5280, Appendix B for further information.
| Field | Content |
|---|---|
version |
v3 |
serialNumber |
A non-sequential number greater than zero (0) and less than 2¹⁵⁹ containing at least 64 bits of output from a CSPRNG. |
signature |
See section 7.1.3.2 |
issuer |
Byte-for-byte identical to the encoded subject |
validity |
See section 7.1.2.1.1 |
subject |
Contains countryName, organizationName and commonName. |
subjectPublicKeyInfo |
See section 7.1.3.1 |
extensions |
See section 7.1.2.1.2 |
signatureAlgorithm |
Byte-for-byte identical to the tbsCertificate.signature. |
Note: The GlobalSign R4 root does not follow the current root CA certificate profile as it predates today's standards.
| Field | Minimum | Maximum |
|---|---|---|
notBefore |
One day prior to the time of signing | The time of signing |
notAfter |
2922 days (approx. 8 years) after notBefore |
9132 days (approx. 25 years) after notBefore |
Any extension not mentioned is always absent from the certificate.
| Extension | Presence | Critical | Content |
|---|---|---|---|
basicConstraints |
ALWAYS | Y | cA is TRUE, pathLenConstraint is not set |
keyUsage |
ALWAYS | Y | keyCertSign and cRLSign are set, digitalSignature may be set, other bits are not set |
subjectKeyIdentifier |
ALWAYS | N | 160-bit SHA-1 hash of subjectPublicKey [RFC 5280] |
No stipulation.
See Section 7.1.2.1.2.
GTS issues cross-certified subordinate CA Certificates. The Certificate profile is identical to the subordinate TLS CA Certificate profile found in Section 7.1.2.6.
See Section 7.1.2.6. The notBefore date of cross-certified subordinate CA
Certificates is not set before the earliest notBefore date of the existing CA
Certificate(s).
The subject field is byte-for-byte identical to the encoded subject of the
existing CA Certificate(s).
See Section 7.1.2.6.1.
Not applicable. GTS does not have unrestricted cross-certified subordinate CA Certificates.
See Section 7.1.2.6.1.
See Section 7.1.2.6.1.
Not applicable. GTS does not issue technically constrained non-TLS subordinate CA Certificates.
Not applicable. GTS does not issue technically constrained precertificate signing CA Certificates.
Not applicable. GTS does not issue Technically constrained TLS subordinate CA Certificates.
Any field not mentioned is always absent from the Certificate.
| Field | Content |
|---|---|
tbsCertificate |
`version` | v3
`serialNumber` | A non-sequential number greater than zero (0) and less than 2¹⁵⁹ containing at least 64 bits of output from a CSPRNG.
`signature` | See section 7.1.3.2.
`issuer` | Byte-for-byte identical to the `subject` field of the Issuing CA.
`validity` |
`notBefore` | Not earlier than one day before the time of signing; not later than the time of signing
`notAfter` | Not earlier than the time of signing.
`subject` | Contains `countryName`, `organizationName` and `commonName`
`subjectPublicKeyInfo` | See section 7.1.3.1.
`extensions` | See section 7.1.2.6.1.
signatureAlgorithm | Byte-for-byte identical to the tbsCertificate.signature.
signature |
Any extension not mentioned is always absent from the certificate.
| Extension | Presence | Critical | Content |
|---|---|---|---|
authorityKeyIdentifier |
ALWAYS | N | Identical to the subjectKeyIdentifier field of the Issuing CA. |
basicConstraints |
ALWAYS | Y | cA is TRUE, pathLenConstraint field is set to 0. |
certificatePolicies |
ALWAYS | N | Contains the DV certificate policyIdentifier (2.23.140.1.2.1). |
CRLDistributionPoints |
ALWAYS | N | HTTP URL of the Issuing CA's CRL service for this certificate. |
keyUsage |
ALWAYS | Y | keyCertSign and cRLSign are set, digitalSignature may be set, other bits are not set |
subjectKeyIdentifier |
ALWAYS | N | 160-bit SHA-1 hash of subjectPublicKey [RFC 5280] |
extkeyUsage |
ALWAYS | N | Includes id-kp-serverAuth and may include id-kp-clientAuth; does not include other values [RFC 5280] |
authorityInformationAccess |
ALWAYS | N | Contains the HTTP URL of the Issuing CA's certificate and may contain the HTTP URL of the Issuing CA's OCSP responder |
GTS issues Domain Validated (DV) TLS Subscriber certificates and Signed HTTP Exchange (SXG) subscriber certificates. Differences between the two profiles are described in the respective subsections below.
Any field not mentioned is always absent from the certificate or empty.
| Field | Description |
|---|---|
version |
v3 |
serialNumber |
A non-sequential number greater than zero (0) and less than 2¹⁵⁹ containing at least 64 bits of output from a CSPRNG. Unique per Issuing CA. |
signature |
See Section 7.1.3.2. |
issuer |
Byte-for-byte identical to the subject field of the Issuing CA. |
validity - notBefore |
A value within 48 hours of the certificate signing operation. |
validity - notAfter |
See section 6.3.2. |
subject |
Either an empty sequence or contains the commonName only, where the value is derived from the subjectAltName extension according to Section 7.1.4.3. |
subjectPublicKeyInfo |
See Section 7.1.3.1. |
extensions |
See Section 7.1.2.7.6. |
signatureAlgorithm |
Byte-for-byte identical to the tbsCertificate.signature. |
Not applicable. GTS does not issue Individual validated certificates.
Not applicable. GTS does not issue Organization validated leaf certificates.
Not applicable. GTS does not issue Extended validation certificates.
Any extension not mentioned is always absent from the certificate.
| Extension | Presence | Critical | Description {.sortable} |
|---|---|---|---|
authorityInformationAccess |
ALWAYS | N | See section 7.1.2.7.7. |
authorityKeyIdentifier |
ALWAYS | N | keyIdentifier is identical to the subjectKeyIdentifier field of the Issuing CA. |
certificatePolicies |
ALWAYS | N | Contains the DV certificate policyIdentifier (2.23.140.1.2.1). |
extKeyUsage |
ALWAYS | N | Includes id-kp-serverAuth and may include id-kp-clientAuth [RFC 5280] |
subjectAltName |
ALWAYS | * | Marked critical if subject is empty, not marked critical otherwise. Contains at least one name and all names are of type dNSName or iPAddress. |
keyUsage |
ALWAYS | Y | digitalSignature bit is always set, keyEncipherment bit is set if the certificate's subjectPublicKeyInfo identifies an RSA public key. |
basicConstraints |
ALWAYS | Y | cA is FALSE |
crlDistributionPoints |
ALWAYS | N | Contains the HTTP URL of the Issuing CA's CRL service for this certificate. |
| Signed Certificate Timestamp List | ALWAYS | N | Contains at least two SignedCertificateTimestamp [RFC 6962] for a PreCert LogEntryType that corresponds to the current certificate. |
subjectKeyIdentifier |
ALWAYS | N | Contains 160-bit SHA-1 hash of subjectPublicKey [RFC 5280] |
| Extension | Presence | Critical | Description {.sortable} |
|---|---|---|---|
extKeyUsage |
ALWAYS | N | Includes id-kp-serverAuth [RFC 5280] only. |
canSignHttpExchanges |
ALWAYS | N | Contains the NULL value. |
| Any other extension | * | * | Identical to the table in 7.1.2.7.6.1 |
Note: canSignHttpExchanges is defined as OID 1.3.6.1.4.1.11129.2.1.22.
| Access Method | OID | Access Location | Presence | Description |
|---|---|---|---|---|
id-ad-ocsp |
1.3.6.1.5.5.7.48.1 |
uniformResourceIdentifier |
OPTIONAL | A HTTP URL of the Issuing CA's OCSP responder. |
id-ad-caIssuers |
1.3.6.1.5.5.7.48.2 |
uniformResourceIdentifier |
ALWAYS | A HTTP URL of the Issuing CA's certificate. |
See section 7.1.2.7.6.
See section 7.1.2.7.6.
See section 7.1.2.7.6.
See section 7.1.2.7.6.
See section 7.1.2.7.6.
Not applicable. GTS does not issue OCSP responder certificates.
GTS uses directly issued precertificates only. The precertificate profile is the same as the respective subscriber Certificate profile, except for the differences specified in section 7.1.2.9.1.
| Extension | Presence | Critical | Description |
|---|---|---|---|
| Precertificate Poison | ALWAYS | Y | Contains an extnValue OCTET STRING of 0500. |
| Signed Certificate Timestamp List | NEVER | - | |
| Any other extension | * | * | Identical to the table in section 7.1.2.7.6. |
Not applicable. GTS does not issue precertificates with a precertificate CA.
See section 7.1.2.9.1.
Not applicable. GTS does not issue precertificates with a precertificate CA.
No stipulation.
GTS does not issue any subscriber Certificates or subordinate CA Certificates using the SHA-1 hash algorithm.
The following requirements apply to the subjectPublicKeyInfo field within a
certificate or precertificate. No other encodings are permitted.
GTS follows the BRs for indicating usage of RSA.
GTS follows the BRs for P-256 and P-384 keys.
GTS does not support P-521 keys.
GTS conforms to all the requirements for the usage of the AlgorithmIdentifier
and AlgorithmIdentifier-derived type in the context of signatures listed in
the BRs.
GTS uses the following signature algorithms and its corresponding encodings from the BRs:
GTS uses the appropriate signature algorithm and encoding based upon the signing key as stated in the BRs for P-256 and P-384 signing keys.
GTS does not sign with P-521 keys.
This section details encoding rules that apply to all Certificates issued by GTS. Further restrictions may be specified within Section 7.1.2. These restrictions do not supersede these requirements.
No stipulation.
Root CA certificates do not contain the certificatePolicies extension.
Subscriber certificates include one or more of the following Object Identifiers, depending on their type and the method of validation used.
CABF TLS Baseline Requirements:
2.23.140.1.2.1GTS Policies:
1.3.6.1.4.1.11129.2.5.31.3.6.1.4.1.11129.2.5.3.1No stipulation.
No stipulation.
No stipulation.
GTS issues CRLs in accordance with the profile specified below.
GTS does not issue indirect CRLs.
| Field | Content |
|---|---|
version |
v2 |
signature |
See section 7.1.3. |
issuer |
Byte-for-byte identical to the subject field of the Issuing CA |
thisUpdate |
Issue date of the CRL |
nextUpdate |
For CRLs covering Subscriber Certificates, at most 10 days after the thisUpdate. For other CRLs, at most 12 months after the thisUpdate |
revokedCertificates |
Certificates that have been revoked and the corresponding entry has yet to appear on at least one regularly scheduled CRL beyond the revoked Certificate's validity period. |
extensions |
See the "CRL Extensions" table in section 7.2.2. |
signatureAlgorithm |
Encoded value Byte-for-byte identical to the tbsCertList signature. |
signature |
Signature covering the CRL signed by the associated CA. |
Certificate Revocation Lists are of type X.509 v2.
Table: CRL Extensions
Any other extension or field is always absent from the CRL.
| Extension | Presence | Critical | Content |
|---|---|---|---|
authorityKeyIdentifier |
ALWAYS | N | Identical to the subjectKeyIdentifier field of the Issuing CA. |
CRLNumber |
ALWAYS | N | INTEGER greater than or equal to zero (0) and less than 2¹⁵⁹, and follows a strictly increasing sequence |
IssuingDistributionPoint |
* | Y | See section 7.2.2.1. |
Table: revokedCertificates Component
| Component | Presence | Content |
|---|---|---|
serialNumber |
ALWAYS | Byte-for-byte identical to the serialNumber contained in the revoked certificate. |
revocationDate |
ALWAYS | Date and time of revocation. The revocation date may be backdated if the reasonCode is keyCompromise. |
crlEntryExtensions |
* | See the "crlEntryExtensions Component" table |
Table: crlEntryExtensions Component
Any other extension or field is always absent from the CRL.
| CRL Entry Extension | Content |
|---|---|
reasonCode |
When present (OID 2.5.29.21), not marked critical and indicates the most appropriate reason for revocation of the Certificate. Present unless the CRL entry is for a certificate not technically capable of causing issuance and the revocation reason is unspecified (0). |
GTS supports all RFC 5280 reasonCodes listed in the BRs except for the
affiliationChanged reasonCode.
Tools that GTS provides to the Subscriber allow for these options to be easily specified when the Subscriber requests revocation of their certificate, with the default value being that no revocation reason is provided (i.e. the default corresponds to the CRLReason "unspecified (0)" which results in no reasonCode extension being provided in the CRL). For revocation requests made via ACME, the reason code can be selected during the ACME workflow.
The privilegeWithdrawn reasonCode is not available to the Subscriber as a
revocation reason option, because the use of this reasonCode is determined by
GTS and not the Subscriber.
When GTS obtains verifiable evidence of Key Compromise for a certificate whose
CRL entry does not contain a reasonCode extension or has a reasonCode
extension with a non-keyCompromise reason, GTS may update the CRL entry to
enter keyCompromise as the CRLReason in the reasonCode extension.
Additionally, GTS may update the revocation date in a CRL entry when it is
determined that the private key of the certificate was compromised prior to the
revocation date that is indicated in the CRL entry for that certificate.
GTS only uses partitioned CRLs for subscriber Certificates and follows the requirements listed in the BRs.
The indirectCRL and onlyContainsAttributeCerts fields are set to FALSE.
GTS provides an OCSP service for TLS certificates which conforms to the RFC 6960 standard.
If an OCSP response is for a Root CA or Subordinate CA Certificate, including
Cross-Certified Subordinate CA Certificates, and that certificate has been
revoked, then the revocationReason field within the RevokedInfo of the
CertStatus is present.
The CRLReason indicated contains a value permitted for CRLs, as specified in
Section 7.2.2.
No stipulation.
The singleExtensions of OCSP responses does not contain the reasonCode (OID
2.5.29.21) CRL entry extension.
Compliance audits are conducted at least annually.
Compliance audits of GTS CAs are performed by a public accounting firm that possesses the following qualifications and skills:
Compliance audits of GTS CAs are performed by a public accounting firm that is independent of the subject of the audit.
Annual compliance audits of GTS CAs include an assessment of the controls GTS has implemented to ensure the secure operation of its CAs. In particular they cover an assessment of GTS's compliance with the applicable WebTrust Principles and Criteria for Certification Authorities as published by CPA Canada.
The Audit Reports are published at (https://pki.goog/).
If a material deficiency in the design or operation of a control is identified during an audit, GTS's CA Policy Authority determines whether remediating actions are required and how these will be implemented. GTS seeks the input of its Qualified Auditor regarding the remediation plans it makes and implements the remediation action within a commercially reasonable period of time.
The Audit Report is made publicly available no later than three months after the end of the audit period. GTS is not required to make publicly available any general audit findings that do not impact the overall audit opinion. In the event of a delay greater than three months, and if so requested by an Application Software Supplier, GTS will provide an explanatory letter signed by its Qualified Auditor.
The Audit Report covers the relevant systems and processes used in the issuance of all Certificates that assert one or more of the policy identifiers listed in Section 7.1.6.1. The Audit Report states explicitly which CAs, certification practices, and locations it covers.
GTS performs quarterly internal audits of the Certificates it issues, which audits comply with the requirements of Section 8.7 of the CABF TLS Baseline Requirements.
GTS does not use Delegated Third Parties in the Certificate Management Process. All third parties who are involved in performing or fulfilling the requirements of this CP/CPS are within the scope of GTS's audits.
GTS may charge Subscribers for the issuance, management and renewal of Certificates. GTS does not charge for the revocation of certificates it has issued.
No stipulation.
GTS does not charge a fee as a condition of making the CRLs required by this CP/CPS available in a Repository or otherwise available to Relying Parties. GTS may however charge a fee for providing customized CRLs, OCSP services, or other value-added revocation and status information services. GTS does not permit access to revocation information, Certificate status information, or time stamping in its Repository by third parties that provide products or services that utilize such Certificate status information without GTS's prior express written consent.
GTS does not charge a fee for access to this CP/CPS. Any use made for purposes other than simply viewing the document, such as reproduction, redistribution, modification, or creation of derivative works, shall be subject to a license agreement with GTS.
No stipulation.
Google maintains general liability insurance coverage inclusive of GTS.
No stipulation.
No stipulation.
No stipulation.
Certificates and revocation data are not considered confidential information. Furthermore information is not considered confidential if its disclosure is mandated pursuant to this CP/CPS.
No stipulation.
GTS follows the Google Privacy Policy available at: https://www.google.com/policies/privacy/
See Section 9.4.1.
See Section 9.4.1.
See Section 9.4.1.
See Section 9.4.1.
See Section 9.4.1.
See Section 9.4.1.
GTS and its licensors, own the intellectual property rights in the GTS CA services, including the Certificates, trademarks used in providing Certificate services and this CP/CPS.
Certificate and revocation information are the exclusive property of GTS. GTS grants permission to reproduce and distribute certificates on a non-exclusive and royalty-free basis, provided that they are reproduced and distributed in full. GTS does not allow derivative works of its Certificates or products without prior written permission.
Private and Public Keys remain the property of the Subscribers who rightfully hold them. All secret shares (distributed elements) of the GTS Private Keys are the property of GTS.
By issuing a Certificate, GTS makes the certificate warranties listed in 9.6.1 of the CABF TLS Baseline Requirements.
No stipulation.
GTS requires, as part of the Subscriber Agreement, that the Applicant make the commitments and warranties in BR Section 9.6.3 for the benefit of GTS and the Certificate Beneficiaries.
The Subscriber Agreement may include additional representations and warranties.
Relying Parties represent and warrant that: (a) they have read, understand and agree to this CP/CPS; (b) they have verified both the relevant GTS CA's certificate and any other certificates in the certificate chain using the relevant CRL or OCSP; (c) they will not use a certificate if the certificate has expired or been revoked; (d) they have sufficient information to make an informed decision as to the extent to which they choose to rely on the information in a certificate; (e) they have studied the applicable limitations on the usage of certificates and agree to GTS's limitations on liability related to the use of certificates; (f) they are solely responsible for deciding whether or not to rely on information in a certificate; and (g) they are solely responsible for the legal and other consequences of their failure to perform the Relying Party obligations in this CP/CPS.
Relying Parties also represent and warrant that they will take all reasonable steps to minimize the risk associated with relying on a digital signature, including only relying on a certificate after considering:
Applicable law and the legal requirements for identification of a party, protection of the confidentiality or privacy of information, and enforceability of the transaction;
The intended use of the certificate as listed in the Certificate or this CP/CPS;
The data listed in the Certificate;
The economic value of the transaction or communication;
The potential loss or damage that would be caused by an erroneous identification or a loss of confidentiality or privacy of information in the application, transaction, or communication;
The Relying Party's previous course of dealing with the Subscriber;
The Relying Party's understanding of trade, including experience with computer-based methods of trade; and
Any other indicia of reliability or unreliability pertaining to the Subscriber and/or the application, communication, or transaction.
The Relying Party Agreement may include additional representations and warranties.
No stipulation.
EXCEPT AS EXPRESSLY STATED IN SECTION 9.6.1 OF THIS CP/CPS, ALL CERTIFICATES AND ANY RELATED SOFTWARE AND SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY LAW, GTS DISCLAIMS ALL OTHER WARRANTIES, BOTH EXPRESS AND IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, ANY WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF ACCURACY OF INFORMATION PROVIDED WITH RESPECT TO CERTIFICATES ISSUED BY GTS, THE CRL, AND ANY PARTICIPANT'S OR THIRD PARTY'S PARTICIPATION IN THE GTS PKI, INCLUDING USE OF KEY PAIRS, CERTIFICATES, THE CRL OR ANY OTHER GOODS OR SERVICES PROVIDED BY GTS TO THE PARTICIPANT.
EXCEPT AS EXPRESSLY STATED IN SECTION 9.6.1 OF THIS CP/CPS, GTS DOES NOT WARRANT THAT ANY SERVICE OR PRODUCT WILL MEET ANY EXPECTATIONS OR THAT ACCESS TO CERTIFICATES WILL BE TIMELY OR ERROR-FREE.
GTS does not guarantee the availability of any products or services and may modify or discontinue any product or service offering at any time. A fiduciary duty is not created simply because an individual or entity uses GTS's services.
TO THE EXTENT PERMITTED BY APPLICABLE LAW, GTS SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOST DATA, LOST PROFITS, LOST REVENUE OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY, INCLUDING BUT NOT LIMITED TO CONTRACT OR TORT (INCLUDING PRODUCTS LIABILITY, STRICT LIABILITY AND NEGLIGENCE), AND WHETHER OR NOT IT WAS, OR SHOULD HAVE BEEN, AWARE OR ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY STATED HEREIN. GTS'S AGGREGATE LIABILITY UNDER THIS CP/CPS IS LIMITED TO $500.
GTS shall defend, indemnify, and hold harmless each Application Software Supplier for any and all claims, damages, and losses suffered by such Application Software Supplier related to a Certificate issued by GTS, regardless of the cause of action or legal theory involved. This does not apply, however, to any claim, damages, or loss suffered by such Application Software Supplier related to a Certificate issued by GTS where such claim, damage, or loss was directly caused by such Application Software Supplier’s software displaying as not trustworthy a Certificate that is still valid, or displaying as trustworthy: (1) a Certificate that has expired, or (2) a Certificate that has been revoked (but only in cases where the revocation status is currently available from GTS, and the application software either failed to check such status or ignored an indication of revoked status).
New versions of this CP/CPS supersede all previous versions and become effective upon publication in the Repository.
This CP/CPS and any amendments remain in effect until replaced by a newer version.
Upon termination of this CP/CPS, Participants are nevertheless bound by its terms for all Certificates issued for the remainder of the validity periods of such Certificates.
Unless otherwise specified by agreement between the parties, Participants shall use commercially reasonable methods to communicate with each other, taking into account the criticality and subject matter of the communication.
GTS may change this CP/CPS at any time in its sole discretion and without prior notice to Subscribers or Relying Parties. The CP/CPS and any amendments thereto are available in the Repository. Amendments to this CP/CPS will be evidenced by a new version number and date, except where the amendments are purely clerical.
GTS may provide additional notice (such as in the Repository or on a separate website) in the event that it makes any material changes to its CP/CPS. GTS is responsible for determining what constitutes a material change of the CP/CPS. GTS does not guarantee or set a notice-and-comment period.
No stipulation.
No stipulation.
This CP/CPS is governed by the laws of the State of California of the United States of America, excluding (i) its choice of laws principles, and (ii) the United Nations Convention on Contracts for the International Sale of Goods. All Participants hereby submit to the exclusive jurisdiction and venue of the federal or state courts in Santa Clara County, California.
GTS shall issue Certificates and operate its PKI in accordance with all law applicable to its business and the Certificates it issues in every jurisdiction in which it operates. This CP/CPS is subject to applicable national, state, local and foreign laws, rules, regulations, ordinances, decrees, and orders including, but not limited to, restrictions on exporting or importing software, hardware, or technical information. GTS licenses its CAs in each jurisdiction that it operates where licensing is required by the law of such jurisdiction for the issuance of Certificates.
No stipulation.
GTS is free to assign its rights and obligations under this CP/CPS. Relying Parties and Subscribers may not assign their rights (if any) or obligations under this CP/CPS, by operation of law or otherwise, without GTS's prior written approval. Any such attempted assignment shall be void. Subject to the foregoing, this CP/CPS shall be binding upon and inure to the benefit of the parties hereto, their successors and permitted assigns.
No stipulation.
GTS may seek indemnification and attorneys' fees from a party for damages, losses, and expenses related to that party's conduct. GTS's failure to enforce a provision of this CP/CPS does not waive GTS's right to enforce the same provision later or right to enforce any other provision of this CPS. To be effective, waivers must be in writing and signed by GTS.
GTS shall not be liable for any default or delay in the performance of its obligations hereunder to the extent and while such default or delay is caused, directly or indirectly, by fire, flood, earthquake, elements of nature or acts of God, acts of war, terrorism, riots, civil disorders, rebellions or revolutions in the United States, strikes, lockouts, or labor difficulties or any other similar cause beyond the reasonable control of GTS.
No stipulation.
Automatic Certificate Management Environment (ACME): A communications protocol for automating interactions between Certificate Authorities and their Subscribers.
Affiliate: A corporation, partnership, joint venture or other entity controlling, controlled by, or under common control with another entity, or an agency, department, political subdivision, or any entity operating under the direct control of a Government Entity.
Applicant: The natural person or Legal Entity that applies for (or seeks renewal of) a certificate. Once the certificate is issued, the Applicant is referred to as the Subscriber. For certificates issued to devices, the Applicant is the entity that controls or operates the device named in the certificate, even if the device is sending the actual certificate request.
Application Software Supplier: A supplier of Internet browser software or other relying-party application software (web-based or application based) that processes, displays or uses Certificates and incorporates Root Certificates.
Audit Period: In a period-of-time audit, the period between the first day (start) and the last day of operations (end) covered by the audit opinion.
Audit Report: A report from a Qualified Auditor stating the Qualified Auditor's opinion on GTS's internal controls over its CA operations in relation to applicable audit criteria.
Authorization Domain Name: The FQDN used to obtain authorization for a given FQDN to be included in a certificate. GTS may use the FQDN returned from a DNS CNAME lookup as the FQDN for the purposes of domain validation. If a Wildcard Domain Name is to be included in a certificate, then GTS removes "'*.'" from the left-most portion of the Wildcard Domain Name to yield the corresponding FQDN. GTS may prune zero or more Domain Labels of the FQDN from left to right until encountering a Base Domain Name and may use any one of the values that were yielded by pruning (including the Base Domain Name itself) for the purpose of domain validation.
Authorized Ports: One of the following ports: 80 (http), 443 (https), 25 (smtp), 22 (ssh).
CABF TLS Baseline Requirements or BR: CA/Browser Forum Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates, available at https://cabforum.org/baseline-requirements-documents/
CAA: From RFC 8659 (http://tools.ietf.org/html/rfc8659): "The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain name. CAA Resource Records allow a public CA to implement additional controls to reduce the risk of unintended certificate mis-issue."
CA Key Pair: A Key Pair where the Public Key appears as the Subject Public Key Info in one or more Root CA certificate(s) and/or Subordinate CA certificate(s).
CA Services: Services relating to the creation, issuance, or management of Certificates provided by GTS under this CP/CPS.
Certificate: An electronic document that uses a digital signature to bind a Public Key and an identity. In the context of this document it always refers to TLS Server Certificates.
Certificate Policy (CP): This document.
Certificate Problem Report: Complaint of suspected Key Compromise, certificate misuse, or other types of fraud, compromise, misuse, or inappropriate conduct related to certificates.
Certificate Profile: A set of documents or files that defines requirements for certificate content and certificate extensions in accordance with Section 7.
Certificate Revocation List (CRL): A regularly updated time-stamped list of revoked certificates that is created and digitally signed by the CA that issued the certificates.
Certification Authority (CA): An organization that is responsible for the creation, issuance, revocation, and management of certificates. The term applies equally to both Roots CAs and Subordinate CAs. The term CA can depending on the context also refer to the infrastructure used by that organization to provide CA Services.
Cross Certificate: A certificate that is used to establish a trust relationship between two Root CAs.
Cross-Certified Subordinate CA Certificate: A certificate that is used to establish a trust relationship between two CAs.
CSPRNG: A pseudo-random number generator intended for use in a cryptographic system.
Delegated Third Party: A Natural Person or Legal Entity that is not the CA but is authorized by GTS, and whose activities are not within the scope of the appropriate CA audits, to assist in the certificate management process by performing or fulfilling one or more of the CA requirements found herein.
Domain Contact: The Domain Name Registrant, technical contact, or administrative contact (or the equivalent under a ccTLD) for a Base Domain Name.
Domain Name: An ordered list of one or more Domain Labels assigned to a node in the Domain Name System.
Domain Validated (DV) Certificate: A certificate which verifies that the Subscriber controls the domain names and IP addresses included in the certificate.
Expiry Date: The "Not After" date in a certificate that defines the end of a certificate's validity period.
Fully-Qualified Domain Name (FQDN): A Domain Name that includes the Domain Labels of all superior nodes in the Internet Domain Name System.
FIPS: (US Government) Federal Information Processing Standard
GTS: Google Trust Services Europe Ltd for Subscribers in the EU and Google Trust Services LLC (a Delaware corporation) for all other Subscribers.
GTS Affiliate: An entity that is controlled with or by or is under common control with GTS.
GTS CA: A CA operated by GTS in accordance with this CP/CPS and listed in Section 1.3.1 of this CP/CPS.
GTS Certificate: A certificate issued by a GTS CA under this CP/CPS.
GTS PKI: The GTS Public Key Infrastructure established, operated and maintained by GTS for publicly trusted certificates.
Identification and Authentication (I&A): The process for ascertaining and confirming through appropriate inquiry and investigation the identity and authority of a person or entity. See Section 3.2.
Individual-Validated (IV): Refers to a Certificate Subject that includes only Individual (Natural Person) attributes, rather than attributes linked to an Organization.
Information Security Team: Google employees who belong to a Privacy & Security organization.
Internal Name: A string of characters (not an IP address) in a Common Name or Subject Alternative Name field of a Certificate that cannot be verified as globally unique within the public DNS at the time of certificate issuance because it does not end with a Top Level Domain registered in IANA's Root Zone Database.
IP Address: A 32-bit or 128-bit number assigned to a device that uses the Internet Protocol for communication.
IP Address Contact: The person(s) or entity(ies) registered with an IP Address Registration Authority as having the right to control how one or more IP Addresses are used.
IP Address Registration Authority: The Internet Assigned Numbers Authority (IANA) or a Regional Internet Registry (RIPE, APNIC, ARIN, AfriNIC, LACNIC).
Issuing CA: In relation to a particular certificate, the CA that issued the certificate. This could be either a Root CA or a Subordinate CA.
Key Compromise: A Private Key is said to be compromised if its value has been disclosed to an unauthorized person, or an unauthorized person has had access to it.
Key Generation Script: A documented plan of procedures for the generation of a CA Key Pair.
Key Pair: Two mathematically related numbers, referred to as a Public Key and its corresponding Private Key, possessing properties such that: (i) the Public Key may be used to verify a Digital Signature generated by the corresponding Private Key; and/or (ii) the Public Key may be used to encrypt an electronic record that can be decrypted only by using the corresponding Private Key.
Linting: A process in which the content of digitally signed data such as a Precertificate [RFC 6962], Certificate, Certificate Revocation List, or OCSP response, or data-to-be-signed object such as a 'tbsCertificate' (as described in RFC 5280, Section 4.1.1.1) is checked for conformance with the profiles and requirements defined in these requirements.
Multi-Perspective Issuance Corroboration: A process by which the determinations made during domain validation and CAA checking by the Primary Network Perspective are corroborated by other Network Perspectives before certificate issuance.
Natural Person: An Individual; a human being as distinguished from a Legal Entity.
Network Perspective: Related to Multi-Perspective Issuance Corroboration. A system (e.g., a cloud-hosted server instance) or collection of network components (e.g., a VPN and corresponding infrastructure) for sending outbound Internet traffic associated with a domain control validation method and/or CAA check. The location of a Network Perspective is determined by the point where unencapsulated outbound Internet traffic is typically first handed off to the network infrastructure providing Internet connectivity to that perspective.
NIST: (US Government) National Institute of Standards and Technology
OCSP: Online Certificate Status Protocol
OID / Object Identifier: A unique alphanumeric or numeric identifier registered under the International Organization for Standardization's applicable standard for a specific object or object class.
OCSP Responder: An online server operated under the authority of GTS and connected to its Repository for processing certificate status requests. See also, Online Certificate Status Protocol.
Online Certificate Status Protocol: An online certificate-checking protocol that enables relying-party application software to determine the status of an identified certificate. See also OCSP Responder.
Organization Validated (OV) Certificate: A certificate which includes the Subscriber's organization name.
Parent Company: A company that controls a subsidiary company.
Participants: The persons authorized to participate in the GTS PKI, as identified in Section 1.3. This term includes the GTS CAs, and each Subscriber and Relying Party operating under the authority of the GTS PKI.
Primary Network Perspective: The Network Perspective used by GTS to make the determination of 1. GTS's authority to issue a Certificate for the requested domain(s) or IP address(es) and 2. the Applicant's authority and/or domain authorization or control of the requested domain(s) or IP address(es).
Private Key: The key of a Key Pair that is kept secret by the holder of the Key Pair, and that is used to create Digital Signatures and/or to decrypt electronic records or files that were encrypted with the corresponding Public Key.
Public Key: The key of a Key Pair that may be publicly disclosed by the holder of the corresponding Private Key and that is used by a Relying Party to verify Digital Signatures created with the holder's corresponding Private Key and/or to encrypt messages so that they can be decrypted only with the holder's corresponding Private Key.
Publicly-Trusted Certificate: A certificate that is trusted by virtue of the fact that its corresponding Root Certificate is distributed as a trust anchor in widely-available application software.
Qualified Auditor: A Natural Person or Legal Entity that meets the requirements of Section 8.2.
Random Value: A value specified by a CA to the Applicant that exhibits at least 112 bits of entropy.
Registration Authority or RA: Any Legal Entity that is responsible for identification and authentication of subjects of certificates, but is not a CA, and hence does not sign or issue certificates. An RA MAY assist in the certificate application process or revocation process or both. When "RA" is used as an adjective to describe a role or function, it does not necessarily imply a separate body, but can be part of the CA.
Reliable Data Source: An identification document or source of data used to verify Subject Identity Information that is generally recognized among commercial enterprises and governments as reliable, and which was created by a third party for a purpose other than the Applicant obtaining a certificate.
Relying Party: Any Natural Person or Legal Entity that relies on a valid certificate. An Application Software Supplier is not considered a Relying Party when software distributed by such Supplier merely displays information relating to a certificate.
Repository: An online accessible database in the GTS PKI containing this CP/CPS, the CRL for revoked GTS certificates, and any other information specified by GTS.
Request Token: A value derived in a method specified by GTS and used to demonstrate domain control.
The Request Token incorporates the key used in the certificate request.
A Request Token includes a timestamp to indicate when it was created and other information to ensure its uniqueness.
A Request Token that includes a timestamp remains valid for no more than 30 days from the time of creation and is treated as invalid if its timestamp is in the future. A Request Token that does not include a timestamp is valid for a single use and GTS does not re-use it for a subsequent validation.
Reserved IP Address: An IPv4 or IPv6 address that is contained in the address block of any entry in either of the following IANA registries: reserved: https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
Revocation: The process of requesting and implementing a change in the status of a certificate from valid to revoked.
Root CA: The top level Certification Authority whose Root Certificate is distributed by Application Software Suppliers and that issues Subordinate CA Certificates.
Root Certificate: The self-signed certificate issued by the Root CA to identify itself and to facilitate verification of certificates issued to its Subordinate CAs.
Short-lived Subscriber Certificate: For certificates issued on or after 15 March 2024 and prior to 15 March 2026, a Subscriber Certificate with a Validity Period less than or equal to 10 days (864,000 seconds). For certificates issued on or after 15 March 2026, a Subscriber Certificate with a Validity Period less than or equal to 7 days (604,800 seconds).
Subject: The Natural Person, device, system, unit, or Legal Entity identified in a certificate as the Subject. The Subject is either the Subscriber or a device under the control and operation of the Subscriber.
Subordinate CA: A Certification Authority whose certificate is signed by the Root CA, or another Subordinate CA.
Subscriber: A Natural Person or Legal Entity to whom a Certificate is issued and who is legally bound by a Subscriber Agreement or Terms of Use.
Subscriber Agreement: The contract between GTS and a Subscriber whereby the Subscriber agrees to the terms required by this CP/CPS with respect to each certificate issued to the Subscriber and naming the Subscriber as the Subject.
Subsidiary Company: A company that is controlled by or under common control of a Parent Company.
Technically Constrained Subordinate CA Certificate: A Subordinate CA Certificate which uses a combination of Extended Key Usage and/or Name Constraint extensions, as defined within the relevant Certificate Profiles of this document, to limit the scope within which the Subordinate CA Certificate may issue Subscriber or additional Subordinate CA Certificates.
Terms of Use: Provisions regarding the safekeeping and acceptable uses of a Certificate issued in accordance with the BR when the Applicant or Subscriber is a GTS or a Google Affiliate.
Test Certificate: A certificate which is issued under a CA where there are no certificate paths/chains to a root certificate subject to these requirements.
TLS: Transport Layer Security
Validity Period: From RFC 5280: "The period of time from notBefore through notAfter, inclusive."
Wildcard Certificate: A certificate containing at least one Wildcard Domain Name in the Subject Alternative Names in the certificate.
Wildcard Domain Name: A string starting with "*." (U+002A ASTERISK, U+002E FULL STOP) immediately followed by a Fully-Qualified Domain Name.
XN-Label: From RFC 5890: "The class of labels that begin with the prefix "xn--" (case independent), but otherwise conform to the rules for LDH labels."
AICPA, American Institute of Certified Public Accountants
BR, CA/Browser Forum TLS Baseline Requirements
CA, Certificate Authority
CAA, Certificate Authority Authorization
ccTLD, Country Code Top-Level Domain
CP, Certificate Policy
CPS, Certification Practice Statement
CRL, Certificate Revocation List
DBA, Doing Business As
DNS, Domain Name System
ETSI, European Telecommunications Standards Institute
FIPS, (US Government) Federal Information Processing Standard
FQDN, Fully-Qualified Domain Name
IANA, Internet Assigned Numbers Authority
ICANN, Internet Corporation for Assigned Names and Numbers
ICAO, International Civil Aviation Organization
ISO, International Organization for Standardization
MPIC, Multi-perspective issuance corroboration
NIST, (US Government) National Institute of Standards and Technology
OCSP, Online Certificate Status Protocol
OID, Object Identifier
PKI, Public Key Infrastructure
RA, Registration Authority
TLD, Top-Level Domain
TLS, Transport Layer Security
ETSI EN 319 403, Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers.
ETSI EN 319 403-1, Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment; Part 1 - Requirements for conformity assessment bodies assessing Trust Service Providers.
ETSI EN 319 411-1, Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing Certificates; Part 1: General requirements.
ETSI EN 319 411-2, Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing Certificates; Part 2: Requirements for trust service providers issuing EU qualified Certificates.
ETSI EN 319 412-1, Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 1: Overview and common data structures.
ETSI EN 319 412-5, Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 5: QCStatements.
ETSI TS 102 042, Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing public key certificates.
ETSI TS 119 495, Electronic Signatures and Infrastructures (ESI); Sector Specific Requirements; Certificate Profiles and TSP Policy Requirements for Open Banking.
ETSI TS 119 172-4, Electronic Signatures and Infrastructures (ESI); Signature Policies;. Part 4: Signature applicability rules.
FIPS 140-2, Federal Information Processing Standards Publication - Security Requirements For Cryptographic Modules, Information Technology Laboratory, National Institute of Standards and Technology, May 25, 2001.
FIPS 140-3, Federal Information Processing Standards Publication - Security Requirements For Cryptographic Modules, Information Technology Laboratory, National Institute of Standards and Technology, March 22, 2019.
FIPS 186-4, Federal Information Processing Standards Publication - Digital Signature Standard (DSS), Information Technology Laboratory, National Institute of Standards and Technology, July 2013.
ICAO DOC 9303, Machine Readable Travel Documents, Part 10, Logical Data Structure (LDS) for Storage of Biometrics and Other Data in the Contactless Integrated Circuit (IC), International Civil Aviation Organization, Eighth Edition, 2021.
ICAO DOC 9303, Machine Readable Travel Documents, Part 11, Security Mechanisms for MRTDs, International Civil Aviation Organization, Eighth Edition, 2021.
Internet Draft: ACME IP Identifier Validation Extension, R. Shoemaker, July 2018, https://tools.ietf.org/html/draft-ietf-acme-ip-04.
ISO 17065:2012, Conformity assessment - Requirements for bodies certifying products, processes and services.
ISO 17442-1:2020, Financial services - Legal entity identifier (LEI) - Part 1: Assignment.
ISO 17442-2:2020, Financial services - Legal entity identifier (LEI) - Part 2: Application in digital Certificates.
ISO 21188:2006, Public key infrastructure for financial services -- Practices and policy framework.
Network and Certificate System Security Requirements, Version 1.7, available at https://cabforum.org/network-security-requirements/.
NIST SP 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-89.pdf.
RFC 2119, Request for Comments: 2119, Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. March 1997.
RFC 3492, Request for Comments: 3492, Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA). A. Costello. March 2003.
RFC 3647, Request for Comments: 3647, Internet X.509 Public Key Infrastructure: Certificate Policy and Certification Practices Framework. S. Chokhani, et al, November 2003.
RFC 3739, Request for Comments: 3739, Internet X.509 Public Key Infrastructure: Qualified Certificates Profile, S. Santesson, et al. March 2004.
RFC 3986, Request for Comments: 3986, Uniform Resource Identifier (URI): Generic Syntax. T. Berners-Lee, et al. January 2005.
RFC 5019, Request for Comments: 5019, The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments. A. Deacon, et al. September 2007.
RFC 5280, Request for Comments: 5280, Internet X.509 Public Key Infrastructure: Certificate and Certificate Revocation List (CRL) Profile. D. Cooper, et al. May 2008.
RFC 5322, Request for Comments: 5322, Internet Message Format, Resnick, October 2008.
RFC 5890, Request for Comments: 5890, Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework. J. Klensin. August 2010.
RFC 5952, Request for Comments: 5952, A Recommendation for IPv6 Address Text Representation. S. Kawamura, et al. August 2010.
RFC 6818, Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. January 2013.
RFC 6960, Request for Comments: 6960, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. S. Santesson, et al. June 2013.
RFC 6962, Request for Comments: 6962, Certificate Transparency. B. Laurie, et al. June 2013.
RFC 7482, Request for Comments: 7482, Registration Data Access Protocol (RDAP) Query Format. A. Newton, et al. March 2015.
RFC 7301, Request for Comments: 7301, Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension. Friedl, Popov, Langley, Stephan, July 2014.
RFC 7538, Request For Comments: 7538, The Hypertext Transfer Protocol Status Code 308 (Permanent Redirect). J. Reschke. April 2015.
RFC 8398, Request for Comments: 8398, Internationalized Email Addresses in X.509 Certificates, MAY 2018. A. Melnikov, et al. May 2018.
RFC 8499, Request for Comments: 8499, DNS Terminology. P. Hoffman, et al. January 2019.
RFC 8555, Request for Comments: 8555, Automatic Certificate Management Environment (ACME). Barnes, Hoffman-Andrews, McCarney, Kasten, March 2019
RFC 8659, Request for Comments: 8659, DNS Certification Authority Authorization (CAA) Resource Record, Hallam-Baker, Stradling, Hoffman-Andrews, November 2019.
RFC 8737, Request for Comments: 8737, Automated Certificate Management Environment (ACME) TLS Application-Layer Protocol Negotiation (ALPN) Challenge Extension. Shoemaker, February 2020.
RFC 8738, Request for Comments: 8738, Automated Certificate Management Environment (ACME) IP Identifier Validation Extension. R.B.Shoemaker, Ed. February 2020.
RFC 8954, Request for Comments: 8954, Online Certificate Status Protocol (OCSP) Nonce Extension. M. Sahni, Ed. November 2020.
WebTrust for Certification Authorities, SSL Baseline with Network Security, available at https://www.cpacanada.ca/en/business-and-accounting-resources/audit-and-assurance/overview-of-webtrust-services/principles-and-criteria.
X.509, Recommendation ITU-T X.509 (08/2005) | ISO/IEC 9594-8:2005, Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks.
| Version | Date | Change owner | Note |
|---|---|---|---|
| 6.0 | 2025-07-22 | CA Policy Authority | Combined CPS 5.22 & TLS CP 4.11 into one document. |