- I'm building or using a product that connects to Google services. What CA certificates do I need to trust?
- How can I get a certificate from Google Trust Services?
- Does Google only get certificates from Google Trust Services?
- Does Google Trust Services only issue TLS certificates?
- What validation methods does Google Trust Services use?
- Why does Google operate its own Certificate Authority?
- How does Google Trust Services verify that a requestor is authorized to get certificates for a domain?
- Does Google Trust Services issue IP Certificates?
- Does Google Trust Services issue client (clientAuth) Certificates?
- I have a legal / law enforcement request related to a Google Trust Services Certificate?
- How quickly must I be able to replace a certificate?
- Why is a certificate I've requested not being issued?
- I want to know when there's an ongoing outage with your service. What should I do?
- What type of status information can I find on the dashboard home page?
- Which Root Programs include Google Trust Services' CAs?
- What are the recommended requirements for a TLS client to communicate with Google?
- Why do many Google Services still allow connections using TLS 1.0 and TLS 1.1?
- Should I use a wildcard certificate?
- What do I do if I encounter a certificate issued by Google Trust Services that I think shouldn't have been issued?
- What should I do if I encounter a private key bound with a certificate issued by Google Trust Services that has been leaked in some way?
- How can I revoke a certificate issued by Google Trust Services?
- How do I report a security incident involving a Google certificate?
- How do I report a suspected phishing site using a Google certificate?
- How does Google Trust Services handle abuse (copyright, phishing, malware, etc.)?
- Does Google Trust Services cross-sign other CAs?
- What is Google's relationship with Let's Encrypt?
- Does Google log the certificates it issues to Certificate Transparency logs?
- How do I configure CAA to explicitly authorize issuance by Google Trust Services
- What Are TLS/SSL Certificates?
- What is Secure Sockets Layer (SSL)?
- What is Transport Layer Security (TLS)?
- What is a Certificate Authority (CA)?
- What is a Certificate Policy (CP)?
- What is a Certification Practice Statement (CPS)?
- What is a Subscriber Agreement?
- What is a Relying Party Agreement?
- What is Public Key Infrastructure (PKI)?
- What is Public Key Cryptography?
- What is a root certificates store?
- What is the Web PKI?
- What is a Root Certificate Authority?
- What is an Intermediate Certificate Authority?
- What is an Issuing Certificate Authority?
- What is a certificate chain?
- What is cross signing?
- What are ocsp.google.com & o.pki.goog?
- What OIDs does Google use?
- What is Certificate Transparency (CT)?
- What if I need to solve multiple challenges for the same domain?
- What is Multi-Perspective Issuance Corroboration (MPIC) and how does it affect my certificates?
- What is the availability of the GTS Revocation Data?
FAQ and Contact
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-04-14 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2026-04-14 UTC."],[],[]]