Symantec has apologised for Google certificates which the company said were “inappropriately issued”.
Google announced on 14 September that Symantec’s Thawte-branded CA issued an Extended Validation pre-certificate for the domains google.com and www.google.com.
“This pre-certificate was neither requested nor authorised by Google,” said Google.
Discussions with Symantec revealed that the issuance occurred during a Symantec testing process.
“Our primary consideration in these situations is always the security and privacy of our users; we currently do not have reason to believe they were at risk,” said Google.
Symantec responded, saying that a small number of test certificates were inappropriately issued internally for three domains during product testing.
“There was no direct impact to any of the domains and never any danger to the Internet,” the company said.
“Further, we are in the process of proactively notifying the domain owners and our major partners.”
Also see: Sustaining Digital Certificate Security