In simple terms, CNNIC issued certificates to Egypt-based MCS Holdings in the name of various Google domains, which were eventually used in a man-in-the-middle attack. They could then be used to intercept data by fooling browsers into treating them as legitimate security certificates issued to the true domain.
As part of the agreement that all certificate authorities are bound by, they are not permitted to issue certificates for domains that are not under the control of the requesting party. In essence, this should stop anyone from being issued a certificate for a site such as Google.com unless they own the domain.
This does bring up the issue where users need to ensure they are buying a secure certificate from a legitimate source. Especially with the HTTPS ranking boost, albeit a small one, many website owners are purchasing cheap security certificates without knowing how legitimate the certificate sellers actually are.
CNNIC claims there will be no impact on any of its current customers; however, it wouldn’t be surprising to see many websites changing from CNNIC as a result.
While both Google Chrome and Mozilla Firefox state they will no longer trust CNNIC certificates in their browsers, Microsoft is still investigating the possibility.
It is probably worth double-checking that your certificate does not somehow trace back to CNNIC, and also researching how legitimate the companies you purchased certificates from are, as this unfortunately will probably not be the last time we hear of some sort of shady certificate shenanigans going on.
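One way to run the check suggested above, as an added example that is not part of the original article: the function below scans the certificate chain listing printed by `openssl s_client` and reports any subject or issuer that names a given CA. The helper name `find_ca_in_chain` and the sample chain are hypothetical and constructed for illustration.

```shell
#!/usr/bin/env bash
# Reads the text printed by:
#   openssl s_client -connect HOST:443 -servername HOST </dev/null
# (HOST is a placeholder for your own site.)
# Name matching is a heuristic: a cross-signed or renamed CA will not match.

# find_ca_in_chain PATTERN   (hypothetical helper; input on stdin)
# Prints "depth N: <subject or issuer line>" for every case-insensitive match.
# Exit status: 0 = no match, 1 = at least one match, 2 = no chain in the input.
find_ca_in_chain() {
  awk -v pat="$1" '
    BEGIN { pat = tolower(pat); in_chain = 0; seen = 0; hits = 0 }
    /^Certificate chain/ { in_chain = 1; next }
    # A bare "---" closes the chain block (PEM armor lines are longer).
    in_chain && /^---$/  { in_chain = 0 }
    !in_chain            { next }
    # " 0 s:..." opens a new chain entry; remember its depth.
    /^ *[0-9]+ s:/       { depth = $1; seen++ }
    # Only subject (s:) and issuer (i:) lines carry distinguished names.
    /^ *([0-9]+ )?[si]:/ {
      if (index(tolower($0), pat) > 0) {
        line = $0
        sub(/^ *([0-9]+ )?/, "", line)
        printf "depth %s: %s\n", depth, line
        hits++
      }
    }
    END { if (seen == 0) exit 2; exit (hits > 0 ? 1 : 0) }
  '
}

# Constructed sample of s_client output (not captured from a real server).
SAMPLE_CHAIN='CONNECTED(00000003)
---
Certificate chain
 0 s:CN = www.example.test
   i:C = XX, O = Constructed Issuing CA, CN = Constructed Issuing CA 1
 1 s:C = XX, O = Constructed Issuing CA, CN = Constructed Issuing CA 1
   i:C = XX, O = CNNIC (constructed sample), CN = Constructed Root
---
Server certificate'

printf '%s\n' "$SAMPLE_CHAIN" | find_ca_in_chain CNNIC || true
```

The served chain usually omits the root itself, so the issuer line of the last entry is where the root's name appears.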
Jennifer Slegg