Industry News

Google Blocks Rogue Digital Certificates from India

mitm cert

Google Blocks Rogue Digital Certificates from IndiaGoogle revoked four unauthorized digital certificates mis-issued by the National Informatics Centre (NIC) of India, a unit of India’s Ministry of Communications and Information Technology, according to Google’s Online Security blog.

The certificates were granted for three Google domains and one Yahoo domain, the company said in a recent update. “However, we are also aware of mis-issued certificates not included in that set of four and can only conclude that the scope of the breach is unknown,” said Adam Langley, a Google security engineer.

If left unsolved, flaws in the SSL certificate system can facilitate a wide range of security attacks, such as website spoofing, server impersonation and man-in-the-middle assaults.

The Indian Controller of Certifying Authorities (India CCA), the authority responsible for the certificates, also holds several intermediate CA certificates included in the Microsoft Root Store, which means they are trusted and implemented by most programs running on Windows, including Internet Explorer and Chrome.

Google says Firefox, Chrome running on operating systems other than Windows, Android, iOS and OS X have not been affected.

“Additionally, Chrome on Windows would not have accepted the certificates for Google sites because of public-key pinning, although misused certificates for other sites may exist,” Google’s security engineer added.

To protect users, Google plans to limit the India CCA root certificate for several domains, including,,,,, and Google also launched a Certificate Transparency project, which works as an open framework for monitoring and auditing SSL certificates in nearly real time.

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.