Google Trust Services operates a number of CAs in accordance with our combined Certification Practice Statement (CPS) and Certificate Policy (CP), referred to as our CP/CPS. A CP/CPS is provided for both TLS and S/MIME CAs.
Our TLS CP/CPS provides information about the types of TLS certificates we issue, how we ensure they are trusted, which organizations belong to the Google Trust Services public key infrastructure (PKI) for TLS Certificates, and defines roles and duties.
Download the GTS CP/CPS <version> for TLS Certificates issued on or after <date>
View documentOur S/MIME CP/CPS provides information about the types of S/MIME certificates we issue, how we ensure they are trusted, which organizations belong to the Google Trust Services public key infrastructure (PKI) for S/MIME Certificates, and defines roles and duties.
Download the GTS CP/CPS <version> for S/MIME Certificates issued on or after <date>
View documentUse of Google Trust Services is subject to the Subscriber Agreement and the Relying Party Agreement.
The Subscriber Agreement describes your responsibilities as a user who has requested a certificate.
Download the Subscriber Agreement <version> for certificates issued on or after <date>
View documentThe Relying Party Agreement describes the responsibilities of everyone who relies on a certificate that the service has issued for a website.
Download the Relying Party Agreement <version> for certificates issued on or after <date>
View documentBelow are separate Certificate Policy and Certification Practice Statement documents that were in effect prior to the introduction of our combined CP/CPS documents.
Our Certification Practice Statement provides information about the types of certificates we issue and how we ensure they are trusted.
Download the GTS CPS <version> for certificates issued on or after <date>
View documentOur Certificate Policy states which organizations belong to the Google Trust Services public key infrastructure (PKI) for TLS Certificates and defines what their roles and duties are.
Download the GTS CP <version> for TLS Certificates issued on or after <date>
View documentOur Certificate Policy states which organizations belong to the Google Trust Services public key infrastructure (PKI) for S/MIME Certificates and defines what their roles and duties are.
Download the GTS CP <version> for S/MIME Certificates issued on or after <date>
View documentYou can test whether your products are compatible with our roots by following the test links for each root.
We do not currently operate root CAs.
The following CAs have been created to support direct or indirect certificate issuance.
Some of the Subordinate CAs use partitioned CRLs. For these Subordinate CAs, we provide a JSON file listing the URLs for the complete set of CRLs.
We do not currently operate subordinate CAs.
The following non-revoked, non-expired subordinate CAs are externally operated.
We do not currently have non-revoked, non-expired, externally operated subordinate CAs.
The following CAs have been created by external CAs upon Google's request, but are not part of the Google PKI.
We do not currently have non-revoked, non-expired, externally operated subordinate CAs.
The following CAs are operated by Google for special purposes. They are not included in Root programs and are not covered by WebTrust audits.
The following CAs are technically constrained. They are not covered by WebTrust audits.
The following Root CAs have been deprecated.
We do not currently have non-expired deprecated Root CAs.
The following subordinate CAs have been revoked.
We do not currently have non-expired revoked subordinate CAs.