Google Trust Services | FAQ and contact
<!doctype html> <html dir="ltr" lang="en"> <head> <meta charset="utf-8" /> <title>Google Trust Services | FAQ and contact</title> <meta name="title" content="Google Trust Services | FAQ and contact" /> <meta name="description" content="Google Trust Services" /> <meta name="image" content="https://lh3.googleusercontent.com/H_Se7b0boG1x7lGeGcwJv_eC4tTZ7meGsX2qoi21cm9fnkNpYbUG6vQgfDR2YuJoh-wFdS9lWJJzbGSj8vky7Y5_Jm9DNexoKZ2O" /> <meta name="viewport" content="width=device-width, minimum-scale=1, initial-scale=1" /> <link href="//fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i|Google+Sans:400,500|Google+Sans+Display:400|Product+Sans:400&lang=en" rel="stylesheet" nonce="bFNMjIfM4vVoD5ye9ltzTA" /> <link rel="shortcut icon" href="https://www.google.com/favicon.ico" type="image/x-icon" /> <link rel="preconnect" href="https://gstatic.com" /> <link rel="preconnect" href="https://googletagmanager.com" /> <link rel="preconnect" href="https://google-analytics.com" /> <script src="https://www.google.com/recaptcha/api.js" async defer nonce="bFNMjIfM4vVoD5ye9ltzTA"></script> <link rel="canonical" href="https://pki.goog/faq/" /> <link href="/static/index.min.css?cache=35c3cdb" rel="stylesheet" type="text/css" media="all" nonce="bFNMjIfM4vVoD5ye9ltzTA" /> </head> <body class="glue-body"> <header class="glue-header glue-header--single"> <div class="glue-header__bar glue-header__bar--desktop glue-header__drawer"> <div class="glue-header__tier"> <div class="glue-header__container"> <div class="glue-header__lock-up"> <div class="glue-header__logo"> <a class="glue-header__logo-link" href="/" title="Google"> <div class="glue-header__logo-container"> <svg role="img" aria-hidden="true" class="glue-header__logo-svg" alt="Google logo" > <use xlink:href="/static/assets/img/glue-icons.svg#google-color-logo"></use> </svg> </div> <p class="glue-header__logo--product">Trust Services</p></a > </div> <a href="#page-content" class="glue-header__skip-content" 
aria-label="Skip to page content" > <p class="glue-header__skip-content-text">Jump to Content</p></a > </div> </div> <div class="glue-header__container glue-header__container--flex-auto"> <nav class="glue-header__link-bar"> <ul id="list-1" class="glue-header__list"> <li class="glue-header__item"> <a class="glue-header__link" href="/">Overview</a> </li> <li class="glue-header__item"> <a class="glue-header__link" href="/services/">Services</a> </li> <li class="glue-header__item"> <a class="glue-header__link" href="/repository/">Repository</a> </li> <li class="glue-header__item glue-header--is-active"> <a class="glue-header__link" href="/faq/">FAQ and contact</a> </li> <li class="glue-header__item"> <a class="glue-header__link" href="/testing/">Testing</a> </li> <li class="glue-header__item"> <a class="glue-header__link" href="/updates/">Updates</a> </li> </ul> </nav> </div> </div> </div> <div class="glue-header__bar glue-header__bar--mobile" id="drawer"> <div class="glue-header__tier"> <div class="glue-header__container"> <div class="glue-header__lock-up"> <div class="glue-header__hamburger glue-header__hamburger--first-tier"> <div class="glue-header__hamburger-wrapper"> <button type="button" class="glue-header__drawer-toggle-btn" aria-controls="drawer" aria-expanded="false" aria-label="Open the navigation drawer" > <svg role="img" class="glue-icon glue-icon--24px" alt="menu"> <use xlink:href="/static/assets/img/glue-icons.svg#menu"></use> </svg> </button> </div> </div> <div class="glue-header__logo"> <a class="glue-header__logo-link" href="/" title="Google"> <div class="glue-header__logo-container"> <svg role="img" aria-hidden="true" class="glue-header__logo-svg" alt="Google logo" > <use xlink:href="/static/assets/img/glue-icons.svg#google-color-logo"></use> </svg> <svg role="img" aria-hidden="true" class="glue-header__logo-svg" alt="Google logo" > <use xlink:href="/static/assets/img/glue-icons.svg#google-color-logo"></use> </svg> </div> <p 
class="glue-header__logo--product">Trust Services</p></a > </div> </div> </div> </div> </div> <div class="glue-header__drawer-backdrop"></div> </header> <div class="faq glue-page" id="page-content"> <div class="faq headline-container"> <h1 class="main-heading glue-headline">FAQ and contact</h1> </div> <div class="glue-grid accordion"> <div class="glue-grid__col glue-grid__col--span-2 glue-grid__col--span-0-sm"></div> <div class="glue-grid__col glue-grid__col--span-12"> <div class="glue-expansion-panels"> <div class="accordion-header faq"> <div> <h2 class="glue-eyebrow">Google Trust Services Certificates</h2> </div> <button class="glue-expansion-panels-toggle-all glue-button glue-button--low-emphasis glue-button--icon-right" > <span class="glue-expansion-panels__toggle-text glue-expansion-panels__toggle-text--expanded" >Expand all</span > <span class="glue-expansion-panels__toggle-text glue-expansion-panels__toggle-text--collapsed" >Collapse all</span > <svg role="img" aria-hidden="true" class="glue-icon" alt="expand"> <use xlink:href="/static/assets/img/glue-icons.svg#expand-all"></use> </svg> </button> </div> <div class="glue-expansion-panel" id="faq-29"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-29-content" > <h3 class="glue-expansion-panel__button-header"> How can I get a certificate from Google Trust Services? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-29-content"> <div class="accordion-item"> <p> All Google Cloud users can get certificates from Google Trust Services. 
For a description of this feature and how to set it up, please read the <a href="https://cloud.google.com/certificate-manager/docs/public-ca" rel="noopener" target="_blank" >Certificate Manager Public CA documentation</a > and the <a href="https://cloud.google.com/certificate-manager/docs/public-ca-tutorial" rel="noopener" target="_blank" >Certificate Manager Public CA tutorial</a >. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-23"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-23-content" > <h3 class="glue-expansion-panel__button-header"> Does Google only get certificates from Google Trust Services? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-23-content"> <div class="accordion-item"> <p> Google Trust Services issues most of the certificates used by Google and provides certificates for many other enterprises, Google Cloud customers and users. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-24"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-24-content" > <h3 class="glue-expansion-panel__button-header"> Does Google Trust Services only issue TLS certificates? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-24-content"> <div class="accordion-item"> <p> Google Trust Services offers TLS, <a href="https://web.dev/signed-exchanges/">Signed HTTP Exchange</a> and S/MIME certificates. See our Certification Practice Statements to better understand our issuance practices. 
</p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-validation-types"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-validation-types-content" > <h3 class="glue-expansion-panel__button-header"> What validation methods does Google Trust Services use? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-validation-types-content"> <div class="accordion-item"> <p> We use Domain Validation (DV) for all TLS and Signed HTTP Exchange certificates. Google Trust Services is a strong proponent of automation and DV offers robust and fully automated validation. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-19"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-19-content" > <h3 class="glue-expansion-panel__button-header"> Why does Google operate its own Certificate Authority? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-19-content"> <div class="accordion-item"> <p> Google operates globally and its customers expect a highly available, secure, and scalable service. </p> <p> By operating Google Trust Services as a dedicated entity in the Alphabet group, Google can best meet these expectations. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-26"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-26-content" > <h3 class="glue-expansion-panel__button-header"> How does Google Trust Services verify that a requestor is authorized to get certificates for a domain? 
</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-26-content"> <div class="accordion-item"> <p> Google Trust Services performs a set of verifications before issuing a certificate. The exact steps can be found in our <a href="https://pki.goog/faq/#faq-6">Certification Practice Statement (CPS)</a >. You can find the current version of Google Trust Services' Certification Practice Statement <a href="https://pki.goog/repository/">in the Repository section</a>. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-IPCerts"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-IPCerts-content" > <h3 class="glue-expansion-panel__button-header"> Does Google Trust Services issue IP Certificates? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-IPCerts-content"> <div class="accordion-item"> <p> Yes, we issue TLS certificates that contain an IP address instead of a domain name in the certificate subject field. </p> <p> Control over internet IP addresses tends to change more frequently than control over domain names. For this reason we limit the lifetime of IP certificates to 10 days and only enable the capability to be issued IP certificates for customers who provide a valid business need. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-clientAuthCerts"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-clientAuthCerts-content" > <h3 class="glue-expansion-panel__button-header"> Does Google Trust Services issue client (clientAuth) Certificates? 
</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-clientAuthCerts-content"> <div class="accordion-item"> <p> Yes, GTS will issue TLS certificates that contain the clientAuth capability, but only in conjunction with the serverAuth capability that is used by default. </p> <p> clientAuth and mTLS use cases are better suited for a private PKI, such as Google Cloud's <a href="https://cloud.google.com/certificate-authority-service/" >Certificate Authority Service</a >. </p> <p> The ability to get clientAuth certificates is likely to go away in the future as rules governing the WebPKI change. Chrome has signalled their intention to <a href="https://www.chromium.org/Home/chromium-security/root-ca-policy/moving-forward-together/#:~:text=a%20requirement%20that,affecting%20website%20authentication" > prohibit clientAuth in the WebPKI</a >. </p> <p> A Certificate Signing Request (CSR) that sets both the clientAuth and serverAuth capabilities may be created with OpenSSL: </p>
<pre><code>$ openssl req -new -keyout my-site.key -out my-site.csr \
    -subj "/CN=my-site.com" \
    -addext extendedKeyUsage=clientAuth,serverAuth \
    -addext subjectAltName=DNS:my-site.com,DNS:my-other-site.com
</code></pre>
<p> ACME clients differ in how they accept a CSR, so check your ACME client's documentation. Generally it will be something like certbot, which uses a <code>--csr</code> flag instead of <code>--domains</code> for requests using a CSR. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-legal-requests"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-legal-requests-content" > <h3 class="glue-expansion-panel__button-header"> I have a legal / law enforcement request related to a Google Trust Services Certificate? 
</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-legal-requests-content"> <div class="accordion-item"> <p> Please follow the reporting instructions at this <a href="https://support.google.com/legal/answer/3110420?hl=en" >Google Legal Help Center</a > page. </p> <p>Select 'Other' as the product under the 'See more products' option.</p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-revocation-timelines"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-revocation-timelines-content" > <h3 class="glue-expansion-panel__button-header"> How quickly must I be able to replace a certificate? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-revocation-timelines-content"> <div class="accordion-item"> <p> As detailed in the Google Trust Services (GTS) Certification Practice Statement and Subscriber Agreement, GTS may need to revoke, or may opt to revoke, a certificate for a number of reasons. Subscribers must be able to rotate certificates quickly should revocation be necessary. To prepare for revocation that may need to happen within a tight time interval, it is strongly suggested that subscribers use an ACME client with ACME Renewal Information (ARI) support and configure certificates so that their lifecycle management is fully automated. There are circumstances where Google may need to revoke within 24 hours or 5 days, even if doing so would cause adverse impact to a subscriber. </p>
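<p> As an added illustration of the ARI-driven renewal recommended above (example code added here, not Google Trust Services' or any ACME client's own implementation): it builds the ARI certificate identifier defined in RFC 9773 and decides whether a periodically scheduled client should renew now. The sample identifier bytes, the two renewalInfo documents, the explanation URL and the 6-hour wake interval are constructed assumptions. </p>

```python
"""ARI (RFC 9773) renewal decision for a periodically scheduled ACME client."""
import base64
import random
from datetime import datetime, timedelta, timezone


def b64url(data: bytes) -> str:
    """base64url without padding, the encoding ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def serial_der_bytes(serial: int) -> bytes:
    """Content octets of the DER INTEGER holding a positive serial number."""
    if serial < 1:
        raise ValueError("certificate serial numbers are positive")
    # One spare bit for the sign, so a serial with its top bit set gets
    # the leading 0x00 that DER requires.
    return serial.to_bytes(serial.bit_length() // 8 + 1, "big")


def ari_cert_id(aki_key_identifier: bytes, serial: int) -> str:
    """base64url(AKI keyIdentifier) + "." + base64url(serial), per RFC 9773."""
    return b64url(aki_key_identifier) + "." + b64url(serial_der_bytes(serial))


def parse_rfc3339(stamp: str) -> datetime:
    """Parse the UTC timestamps used in a renewalInfo document."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def pick_renewal_time(renewal_info: dict, rng: random.Random) -> datetime:
    """Uniformly random instant inside the CA's suggestedWindow."""
    window = renewal_info["suggestedWindow"]
    start = parse_rfc3339(window["start"])
    end = parse_rfc3339(window["end"])
    if not end > start:
        raise ValueError("suggestedWindow must end after it starts")
    return start + (end - start) * rng.random()


def should_renew_now(renewal_info, now, wake_interval, rng=None) -> bool:
    """True when the chosen time is past, or falls before the next wake-up."""
    renew_at = pick_renewal_time(renewal_info, rng or random.Random())
    return now + wake_interval >= renew_at


# Constructed sample data (not taken from a real certificate or CA response).
SAMPLE_AKI = bytes.fromhex("69885b6b87464041e1b37b847ba0ae2cde01c8d4")
SAMPLE_SERIAL = 0x87654321
NOW = datetime(2025, 1, 10, 12, 0, tzinfo=timezone.utc)
WAKE_INTERVAL = timedelta(hours=6)  # assumed scheduler period

# Routine case: the window opens weeks from now, so the client waits.
ROUTINE = {"suggestedWindow": {"start": "2025-02-01T00:00:00Z",
                               "end": "2025-02-03T00:00:00Z"}}
# Revocation case: the CA has moved the window into the past, which tells
# the client to replace the certificate at its next opportunity.
URGENT = {"suggestedWindow": {"start": "2025-01-09T00:00:00Z",
                              "end": "2025-01-09T12:00:00Z"},
          "explanationURL": "https://ca.example/incident"}

if __name__ == "__main__":
    print("renewalInfo path suffix:", ari_cert_id(SAMPLE_AKI, SAMPLE_SERIAL))
    for name, info in (("routine", ROUTINE), ("urgent", URGENT)):
        print(name, "renew now:", should_renew_now(info, NOW, WAKE_INTERVAL))
```

<p> The wake interval bounds how long a moved window can go unnoticed, so it needs to sit well inside the 24-hour revocation timeline mentioned above. </p>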
</div> </div> <p><br></p> </div> <div> <h2 class="glue-eyebrow">CA Status Dashboard</h2> </div> <div class="glue-expansion-panel" id="faq-outage-status"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-outage-status-content" > <h3 class="glue-expansion-panel__button-header"> I want to know when there's an ongoing outage with your service. What should I do? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-outage-status-content"> <div class="accordion-item"> <p> View the <a href="https://status.pki.goog/" rel="noopener" target="_blank" >Google Trust Services Status Dashboard</a > to see the current status of services. Use the RSS Feed or JSON History links at the bottom of the page to view a feed of current and past issues. Every post to the dashboard will trigger a post to the feed. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-status-info"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-status-info-content" > <h3 class="glue-expansion-panel__button-header"> What type of status information can I find on the dashboard home page? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-status-info-content"> <div class="accordion-item"> <p> The Google Trust Services Status Dashboard provides information about services and APIs that are part of the Google Trust Services ACME API. If there is an active incident, information will be posted in the dashboard for each specific affected API and service. 
Status indicators are always shown, representing the overall health for each API and service, from one of the following: </p> <ul> <li> Service Outage: A production system or service is down. Workaround is not available or is not easily implemented. </li> <li> Service Disruption: A production system or service is partially impaired and/or does not work as expected. Workaround exists. </li> <li> Service Information: A production system or service is partially impaired and/or does not work as expected. Generally, the service is still available, impact is minor, and affects a small number of users. </li> <li>Available: Service is fully functional and working as expected.</li> </ul> </div> </div> </div> <div> <h2 class="glue-eyebrow">Trust / Root Stores</h2> </div> <div class="glue-expansion-panel" id="faq-21"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-21-content" > <h3 class="glue-expansion-panel__button-header"> Which Root Programs include Google Trust Services' CAs? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-21-content"> <div class="accordion-item"> <p> Currently Google Trust Services is trusted by Microsoft, Mozilla, Safari, Cisco, Oracle Java, Qihoo's 360 browser and Chrome. All browsers or operating systems that depend on these root programs are covered. </p> <p> In addition, some of Google Trust Services' root CAs may rely on a cross-signature to ensure optimal support across a wide range of devices. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-27"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-27-content" > <h3 class="glue-expansion-panel__button-header"> I'm building a product that connects to Google services. What CA certificates do I need to trust? 
</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-27-content"> <div class="accordion-item"> <p> Google certificates are issued by different CAs depending on the current business needs and best practices. Therefore a certificate chain cannot be considered static. </p> <p> Developers of applications connecting to Google services must take this into consideration and never hardcode Intermediate or Root Certificate Authorities. Developers should instead build a robust mechanism to update the set of CAs trusted by their applications. </p> <p> Google services' certificates can be issued by any of the Certificate Authorities on <a href="https://pki.goog/roots.pem">this regularly updated list</a>. Applications connecting to Google services should trust all the Certificate Authorities from that list. Beware that some tools do not support working with a PEM file that contains multiple certificates bundled together. We also maintain a <a href="https://pki.goog/roots.jks">Java KeyStore version</a> of the list. </p> <p> It is recommended that developers keep their root certificate stores in sync with the above curated root CA bundle, at least on a semi-annual basis, to harden their services against future root CA changes. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-28"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-28-content" > <h3 class="glue-expansion-panel__button-header"> What are the recommended requirements for a TLS client to communicate with Google? 
</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-28-content"> <div class="accordion-item"> <p> GTS does not provide or set a TLS policy, for Google or for any other entity. However, other organizations like <a href="https://wiki.mozilla.org/Security/Server_Side_TLS" rel="noopener" target="_blank" >Mozilla</a > and <a href="https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html" > OWASP</a > publish good recommendations. </p> </div> </div> </div> <div> <h2 class="glue-eyebrow">Security</h2> </div> <div class="glue-expansion-panel" id="faq-legacy-tls"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-legacy-tls-content" > <h3 class="glue-expansion-panel__button-header"> Why do many Google Services still allow connections using TLS 1.0 and TLS 1.1? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-legacy-tls-content"> <div class="accordion-item"> <p> Google Trust Services strongly advocates the use of TLS 1.3. The Google Front End (GFE) proxies which terminate TLS connections for most Google services prefer TLS 1.3 and have downgrade protections to ensure that a third party cannot force a client which supports TLS 1.3 to negotiate a less-secure version of the protocol. Our frontends will always use the newest version which a client supports. However, Google continues to support TLS 1.0 and TLS 1.1 in order to accommodate older clients which may be unable to upgrade. Some higher-security services do not offer support for TLS 1.0 or TLS 1.1. 
</p> <p> Google Cloud Load Balancer customers may set <a href="https://cloud.google.com/load-balancing/docs/ssl-policies-concepts"> SSL Policies</a > to enforce a minimum TLS version. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-30"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-30-content" > <h3 class="glue-expansion-panel__button-header"> What do I do if I encounter a certificate issued by Google Trust Services that I think should not have been issued? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-30-content"> <div class="accordion-item"> <p> Follow the revocation instructions below if you have control of the private key or can prove control of the domain. If you cannot self-revoke, provide details via the contact form at the bottom of this page so we can investigate. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-31"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-31-content" > <h3 class="glue-expansion-panel__button-header"> What should I do if I encounter a private key bound with a certificate issued by Google Trust Services that has been leaked in some way? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-31-content"> <div class="accordion-item"> <p> Follow the revocation instructions below if you have control of the private key or can prove control of the domain. If you cannot self-revoke, provide details via the contact form at the bottom of this page so we can investigate. 
</p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-revocation"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-revocation-content" > <h3 class="glue-expansion-panel__button-header"> How can I revoke a certificate issued by Google Trust Services? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-revocation-content"> <div class="accordion-item"> <p> There are multiple ways to revoke a certificate if you can prove control of the domain(s) included in it or possession of the private key. </p> <p> Your ACME client's documentation will explain how that client has implemented <a href="https://datatracker.ietf.org/doc/html/rfc8555#section-7.6" rel="noopener" target="_blank" >ACME Revocation</a >. </p> <p> If you cannot revoke via an ACME client, please use the <a href="#contact">contact form</a> at the bottom of this page to request manual revocation. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-32"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-32-content" > <h3 class="glue-expansion-panel__button-header"> How do I report a security incident involving a Google certificate? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-32-content"> <div class="accordion-item"> <p> If you are looking to report a security incident involving Google certificates, please follow the steps outlined at <a href="https://www.google.com/about/appsecurity/" rel="noopener" target="_blank" >Google security and product safety</a >. 
</p> <p> If you wish to report a probable phishing site that uses a Google Trust Services certificate, please report it via the <a href="https://safebrowsing.google.com/safebrowsing/report_phish/" rel="noopener" target="_blank" >Google Safe Browsing Phishing Report Form</a >. Please note, Google Trust Services follows the CA industry standard and does not revoke for probable phishing. Reporting to Safe Browsing is the best way to address suspected phishing sites. For additional information, please see the <a href="https://pki.goog/updates/abuse.html" rel="noopener" target="_blank" >Google Trust Services statement on abuse</a >. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-phishing"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-phishing-content" > <h3 class="glue-expansion-panel__button-header"> How do I report a suspected phishing site using a Google certificate? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-phishing-content"> <div class="accordion-item"> <p> If you wish to report a probable phishing site that uses a Google Trust Services certificate, please report it via the <a href="https://safebrowsing.google.com/safebrowsing/report_phish/" rel="noopener" target="_blank" >Google Safe Browsing Phishing Report Form</a >. Please note, Google Trust Services follows the CA industry standard and does not revoke for probable phishing. Reporting via Safe Browsing is the best way to address suspected phishing sites. 
</p> </div> </div> </div> <div> <h2 class="glue-eyebrow">WebPKI / Certificate Ecosystem</h2> </div> <div class="glue-expansion-panel" id="faq-abuse"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-abuse-content" > <h3 class="glue-expansion-panel__button-header"> How does Google Trust Services handle abuse (copyright, phishing, malware, etc.)? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-abuse-content"> <div class="accordion-item"> <p> Certificate Authorities have limited options to detect and prevent abuse. Please see the <a href="https://pki.goog/updates/abuse.html" >Google Trust Services statement on abuse</a> for more details. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-22"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-22-content" > <h3 class="glue-expansion-panel__button-header"> Does Google Trust Services cross-sign other CAs? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-22-content"> <div class="accordion-item"> <p>No.</p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-20"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-20-content" > <h3 class="glue-expansion-panel__button-header"> What is Google's relationship with Let's Encrypt? 
</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-20-content"> <div class="accordion-item"> <p> Google is a financial supporter of Let's Encrypt and members of the Google Trust Services teams have helped, and continue to work closely with, Let's Encrypt to make the web safer and improve standards. </p> <p> Additionally, some Google products utilize Let's Encrypt for some use cases. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-25"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-25-content" > <h3 class="glue-expansion-panel__button-header"> Does Google log the certificates it issues to Certificate Transparency logs? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-25-content"> <div class="accordion-item"> <p> Yes. You can find guidance on how to search the Certificate Transparency logs in the <a href="https://transparencyreport.google.com/https/certificates" rel="noopener" target="_blank" >Google HTTPS Transparency Report</a > and <a href="https://certificate-transparency.org" rel="noopener" target="_blank" >certificate-transparency.org</a >. 
</p> </div> </div> </div> <div class="glue-expansion-panel" id="caa"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="caa-content" > <h3 class="glue-expansion-panel__button-header"> How do I configure CAA to explicitly authorize issuance by Google Trust Services? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="caa-content"> <div class="accordion-item"> <p> The Certification Authority Authorization (<a href="https://datatracker.ietf.org/doc/html/rfc6844" title="RFC 6844" >CAA</a >) DNS resource record enables you to specify one or more CAs that are authorized to issue certificates for your domain. If there is no CAA record, all CAs are allowed to issue for that domain. </p> <p> If you use CAA and want to authorize Google Trust Services, we are identified by our domain name: </p> <p><code>pki.goog</code></p> <p> For more information on how to configure CAA, <a href="https://sslmate.com/caa/" title="SSLMate CAA Record Generator" >SSLMate maintains a tool</a > that makes it easy to create the necessary resource record. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-1"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-1-content" > <h3 class="glue-expansion-panel__button-header">What Are TLS/SSL Certificates?</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-1-content"> <div class="accordion-item"> <p>A certificate binds a cryptographic key to an identity.</p> <p> TLS/SSL certificates are used to authenticate and establish secure connections to websites. 
Certificates are issued and cryptographically signed by entities known as Certificate Authorities. </p> <p> Browsers rely on certificates issued by trusted Certificate Authorities to know that the information transmitted is sent to the right server and that it is encrypted while in transit. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-2"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-2-content" > <h3 class="glue-expansion-panel__button-header"> What is Secure Sockets Layer (SSL)? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-2-content"> <div class="accordion-item"> <p> Secure Sockets Layer was the most widely deployed protocol used to encrypt internet communications. The SSL protocol isn't considered secure anymore and should not be used. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-3"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-3-content" > <h3 class="glue-expansion-panel__button-header"> What is Transport Layer Security (TLS)? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-3-content"> <div class="accordion-item"> <p>Transport Layer Security is the successor to SSL.</p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-4"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-4-content" > <h3 class="glue-expansion-panel__button-header"> What is a Certificate Authority (CA)? 
</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-4-content"> <div class="accordion-item"> <p> A Certificate Authority is like a digital passport office for devices and people. It issues cryptographically protected documents (certificates) to attest that an entity (e.g. website) is who it claims to be. </p> <p> Prior to issuing a Certificate, CAs are responsible for verifying that the names in the Certificate are linked to the person or entity requesting it. </p> <p> The term Certificate Authority can refer to both organizations like Google Trust Services, and to systems which issue certificates. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-5"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-5-content" > <h3 class="glue-expansion-panel__button-header"> What is a Certificate Policy (CP)? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-5-content"> <div class="accordion-item"> <p> A Certificate Policy is a document published by a CA to state what entities belong to its Public Key Infrastructure and to define what their roles and duties are. You can find the current and previous versions of Google Trust Services's Certificate Policy in the <a href="https://pki.goog/repository/">Repository section of this website</a>. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-6"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-6-content" > <h3 class="glue-expansion-panel__button-header"> What is a Certification Practice Statement (CPS)? 
</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-6-content"> <div class="accordion-item"> <p> A Certification Practice Statement is a document which describes a CA's issuance practice. It explains to subscribers and relying parties certain aspects of the CA's operation. You can find the current and previous versions of Google Trust Services's Certification Practice Statement in the <a href="https://pki.goog/repository/">Repository section</a>. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-7"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-7-content" > <h3 class="glue-expansion-panel__button-header">What is a Subscriber Agreement?</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-7-content"> <div class="accordion-item"> <p> A Subscriber Agreement describes the rights and duties of a CA towards its Subscribers and vice versa. You can find the current and previous versions of Google Trust Services's Subscriber Agreement in the <a href="https://pki.goog/repository/">Repository section</a>. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-8"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-8-content" > <h3 class="glue-expansion-panel__button-header"> What is a Relying Party Agreement? 
</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-8-content"> <div class="accordion-item"> <p> A Relying Party Agreement related to a certificate describes the responsibilities of everyone who relies on the certificate when visiting a website that uses it. </p> <p> For example, a user who relies on the TLS certificate for <a href="https://pki.goog">https://pki.goog</a> is a party to the GTS Relying Party Agreement. </p> <p> You can find the current and all previous versions of Google Trust Services's Relying Party Agreement in the <a href="https://pki.goog/repository/">Repository section</a>. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-9"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-9-content" > <h3 class="glue-expansion-panel__button-header"> What is Public Key Infrastructure (PKI)? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-9-content"> <div class="accordion-item"> <p> Public Key Infrastructure is a set of technologies, policies, and procedures that make it possible for a Certificate Authority to verify the identity of a certificate requestor, produce a certificate attesting to that verification, and for internet users to rely on the certificate. </p> <p>Public-key cryptography is the technology that makes this possible.</p> <p> PKI is also used on internal networks but its most common use case is to enable encrypted communication on the web. Web browsers trust certificates issued by CAs included in their root certificates store. 
</p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-10"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-10-content" > <h3 class="glue-expansion-panel__button-header"> What is Public Key Cryptography? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-10-content"> <div class="accordion-item"> <p> Public Key Cryptography is a form of cryptography using key pairs. One of the keys is considered public and can be distributed widely, the other is considered private and must be kept secret. </p> <p> Data encrypted with a public key can be decrypted with the corresponding private key and vice-versa. </p> <p> This enables the concepts of digital signatures and public-key encryption which are the basic building blocks of protocols like TLS where two parties can authenticate each other and share encrypted data without prior exchange of secret information. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-11"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-11-content" > <h3 class="glue-expansion-panel__button-header"> What is a root certificates store? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-11-content"> <div class="accordion-item"> <p> A root certificates store contains a set of Certificate Authorities trusted by an Application Software Supplier. Most web browsers and operating systems have their own root certificates store. </p> <p> To be included in a root certificates store, the Certificate Authority must fulfil strict requirements set forth by the Application Software Supplier. 
Typically these include compliance with industry standards such as the CA/Browser Forum requirements. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-12"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-12-content" > <h3 class="glue-expansion-panel__button-header">What is the Web PKI?</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-12-content"> <div class="accordion-item"> <p> Web PKI is the name of the Public Key Infrastructure used by browsers and other user agents on the web. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-13"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-13-content" > <h3 class="glue-expansion-panel__button-header"> What is a Root Certificate Authority? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-13-content"> <div class="accordion-item"> <p> A Root Certificate Authority, or more correctly, its certificate, is the topmost certificate in a certificate chain. </p> <p> Root CA certificates are usually self-signed. The private keys associated with them are stored in highly secure facilities, and maintained in an offline state to protect them from unauthorized access. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-14"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-14-content" > <h3 class="glue-expansion-panel__button-header"> What is an Intermediate Certificate Authority? 
</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-14-content"> <div class="accordion-item"> <p> An Intermediate Certificate Authority, or more correctly, its certificate, is a certificate that is used to sign other certificates in a certificate chain. </p> <p> Intermediate CAs primarily exist to enable online certificate issuance while allowing the Root CA certificate to remain offline. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-15"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-15-content" > <h3 class="glue-expansion-panel__button-header"> What is an Issuing Certificate Authority? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-15-content"> <div class="accordion-item"> <p> An Issuing Certificate Authority, or more correctly, its certificate, is the certificate that is used to sign the bottommost certificate in a certificate chain. </p> <p> This bottommost certificate is commonly called a subscriber certificate, end-entity certificate or leaf certificate. 
</p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-16"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-16-content" > <h3 class="glue-expansion-panel__button-header">What is a certificate chain?</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-16-content"> <div class="accordion-item"> <p> Certificates are linked to (cryptographically signed by) their issuer. A certificate chain is made of a leaf-certificate, all its issuer certificates and a root certificate. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-17"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-17-content" > <h3 class="glue-expansion-panel__button-header">What is cross signing?</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-17-content"> <div class="accordion-item"> <p> Application Software Suppliers' clients must update their root certificates store to include new CA certificates for them to be trusted by their products. It takes some time until products containing the new CA certificates are widely used. </p> <p> To increase compatibility with older clients, CA certificates can be "cross signed" by another older established CA. This effectively creates a second CA certificate for the same identity (name & key pair). </p> <p> Depending on the CAs included in their root certificates store, clients will build a different certificate chain up to a root they trust. 
</p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-ocsp"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-ocsp-content" > <h3 class="glue-expansion-panel__button-header"> What are ocsp.google.com & o.pki.goog? </h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-ocsp-content"> <div class="accordion-item"> <p> ocsp.google.com and o.pki.goog are Google Trust Services's Online Certificate Status Protocol (OCSP) servers. OCSP provides information about the revocation status of digital certificates. OCSP is used by web browsers and other clients to check if a certificate has been revoked by its issuing Certificate Authority (CA). </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-oid"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-oid-content" > <h3 class="glue-expansion-panel__button-header">What OIDs does Google use?</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-oid-content"> <div class="accordion-item"> <p> Google <a href="https://en.wikipedia.org/wiki/Object_identifier">OIDs</a> are available on our <a href="https://pki.goog/oids/index.html">OID page</a>. </p> </div> </div> </div> <div class="glue-expansion-panel" id="faq-18"> <div class="glue-expansion-panel-toggle" data-glue-expansion-panel-toggle-for="faq-18-content" > <h3 class="glue-expansion-panel__button-header"> What is Certificate Transparency (CT)? 
</h3> <svg role="img" aria-hidden="true" class="glue-icon glue-expansion-panel__button-arrow" alt="expand" > <use xlink:href="/static/assets/img/glue-icons.svg#expand-more"></use> </svg> </div> <div class="glue-expansion-panel-content" id="faq-18-content"> <div class="accordion-item"> <p> See <a href="https://certificate.transparency.dev/" rel="noopener" target="_blank" >https://certificate.transparency.dev/</a >. </p> </div> </div> </div> </div> </div> </div> <div class="paragraph"> <h1 class="paragraph-title glue-headline glue-headline--headline-5"> You can contact us about certificate issues using the form below. </h1> <p class="paragraph-content glue-mod-spacer-3-bottom"></p> <p> <a name="contact" id="contact"></a ><a class="inline-link" href="https://pki.goog/contact/" rel="noopener" target="_blank" >Google Trust Services Contact Form</a > </p> <p> We will use the information you give us to respond to your request and to improve our services subject to Google's general <a class="inline-link" href="https://policies.google.com/privacy">privacy policy.</a> </p> </div> <div class="glue-grid"> <div class="address glue-grid__col glue-grid__col--span-6"> <address> Google Trust Services LLC<br /> 1600 Amphitheatre Parkway<br /> Mountain View, CA 94043 </address> </div> <div class="address glue-grid__col glue-grid__col--span-6"> <address> Google Trust Services Europe Ltd.<br /> 4 Barrow St, Grand Canal Dock,<br /> Dublin 4, D04 V4X7, Ireland </address> </div> </div> </div> </body> </html>
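The CAA entry in the FAQ above says that a domain with no CAA record is open to every CA and that Google Trust Services is identified as `pki.goog`. The following is an added example, not Google Trust Services code: it evaluates CAA record sets under the RFC 8659 rules (the successor to the RFC 6844 the page links) and goes beyond the single record the page describes by also covering `issuewild`, the empty `";"` issuer and the critical flag. The `ZONE` data, the `example.*` names and all function names are constructed for illustration.

```python
# Added example: evaluate CAA record sets for one issuer (RFC 8659 rules).
# ZONE is constructed sample data standing in for DNS lookups.

GTS_ISSUER = "pki.goog"                      # identifier given on this page
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 0x80                              # "issuer critical" flag bit

ZONE = {
    "example.com": ['0 issue "pki.goog"', '0 issuewild ";"',
                    '0 iodef "mailto:security@example.com"'],
    "locked.example.net": ['0 issue ";"'],
    "other.example.org": ['0 issue "ca.example"'],
    "strict.example.org": ['0 issue "pki.goog"', '128 futuretag "x"'],
}


def parse_caa(rdata):
    """Split presentation-format RDATA into (flags, tag, value)."""
    flags, tag, value = rdata.split(None, 2)
    return int(flags), tag.lower(), value.strip().strip('"')


def issuer_of(value):
    """Issuer domain name of an issue/issuewild value, without parameters."""
    return value.split(";", 1)[0].strip().lower()


def relevant_rrset(name, zone):
    """Climb from the name toward the root; the first CAA RRset found wins."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return [parse_caa(r) for r in rrset]
    return []


def may_issue(name, zone, issuer=GTS_ISSUER):
    """True if CAA permits `issuer` to issue a certificate for `name`."""
    rrset = relevant_rrset(name, zone)
    # An unrecognised property marked critical blocks issuance outright.
    if any(flags & CRITICAL and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [issuer_of(v) for _, tag, v in rrset if tag == "issue"]
    issuewild = [issuer_of(v) for _, tag, v in rrset if tag == "issuewild"]
    if name.startswith("*.") and issuewild:
        allowed = issuewild          # issuewild overrides issue for wildcards
    elif issue:
        allowed = issue
    else:
        return True                  # no restricting property: any CA may issue
    return issuer.lower() in allowed  # '";"' yields "", which matches no CA


if __name__ == "__main__":
    for n in ("www.example.com", "*.example.com", "locked.example.net",
              "strict.example.org", "nocaa.example.io"):
        print(f"{n:22} pki.goog allowed: {may_issue(n, ZONE)}")
```

In the sample zone, `example.com` authorizes `pki.goog` for ordinary names while `issuewild ";"` still blocks every CA from issuing wildcards, a combination that a single `issue` record alone would not express.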