Share
Report
145Hi All... I am using Google Maps API autocomplete address functionality in Account and Contact entity to auto fill the address while typing the address. For this, I have purchased a subscription to get 2500 searched/day. Friday I recieved an email with the subject "Google Maps API support— Google Root CA migration". Please let me know if I have to do anything due to this? Below is the email description:-
************************************************************
Hello Google Maps API customer,
As announced in the Google Security Blog and the Google Cloud Support Portal news, Google has started a multi-year migration from Google Internet Authority G2 (GIAG2), issued by a third-party root Certificate Authority (CA), to certificate chains issued by Google-owned root CAs. The migration has now also begun on Google Maps APIs, and will soon affect all our customers.
To give our customers more time to migrate their applications, Google has purchased two widely trusted, existing root CAs, GlobalSign (GS) R2 and R4, and is currently rolling out Google Internet Authority G3 (GIAG3) issued certificates anchored in the GS R2 root CA.
However, after we received reports of service interruptions during the initial stages of our certificate rollout, it became evident that the number of customers lacking the required certificates might be larger than anticipated. Therefore, the rollout is on hold until end of October 2017 to allow you to check and update your certificate stores.
What you need to know
We recommend that you:
1. Immediately verify that your services can connect to our Google certificate test sandbox (cert-test.sandbox.google.com).
2. If they can't, update your certificate store by end of October, following the general instructions below.
3. Star the public issue to get up to date information about the certificate rollout.
You are at greatest risk of service disruptions if any of the following apply:
• You maintain your own trusted root CA bundles.
• You have been unable to keep your production environment patched up.
• You have been forced to configure your application to explicitly trust GIAG2 or specific Google server certificates.
General instructions
Although trusting the GS R2 root CA is enough to ensure uninterrupted operation of your application during the first phase of the migration, we still recommend that you test whether your application environment can connect to each test site of our new root CAs, listed on the Google Trust Services (GTS) homepage. The relevant tests are marked by a 'g' in the Tests column on the page. (Note: your browser might not yet trust the new GTS root CAs!) We furthermore recommend our customers check that they also trust the GS R3 root certificate, verifiable using the test site (valid.r3.roots.globalsign.com) linked from the GlobalSign support page.
• If your system can connect to all of the below test sites it's already future-proof, and should be able to handle the entire multi-year root CA migration to GTS without any interruptions:
o cert-test.sandbox.google.com
o https://good.r1demo.pki.goog/
o https://good.r2demo.pki.goog/
o https://good.r3demo.pki.goog/
o https://good.r4demo.pki.goog/
o good.gsr2demo.pki.goog
o valid.r3.roots.globalsign.com
o If your system can connect to cert-test.sandbox.google.com, your application will continue to work until 2019, but we still urge you to refresh the list of trusted root CAs used by your application now, to prevent future interruptions. The new root certificates (including GS R3) can be downloaded in a single PEM file, as mentioned in the GTS FAQ.
o If your system can't connect to cert-test.sandbox.google.com, you need to update your application certificate store immediately to avoid risking service interruptions during the imminent migration.
If your system can't connect to any of the listed test sites, refer to your operating system specific documentation for instructions on how to update your certificate stores, as the process for updating the list of trusted root CAs varies per system.
Need more help?
• Star the public issue for updates.
• Check out the root CA migration specific FAQ in the support portal for more tips and instructions.
• If you can't find what you need in the FAQ, you may always file a support case. While we may not be able to provide system specific instructions, we can provide general guidance. We also actively update the FAQ and public issue whenever we learn something that might be universally applicable while helping our customers with this issue.
• The Google Security Blog and GTS FAQ also provide further context and background information.
Best regards,
The Google Maps API Support Team
*This post is locked for comments
All responses (
Answers (
