Connect with us

Hi, what are you looking for?


Cloud Security

Google Cloud Users Can Now Automate TLS Certificate Lifecycle

Google makes ACME API available to all Google Cloud users to allow them to automatically acquire and renew TLS certificates for free.

Google on Thursday announced the availability of its Automatic Certificate Management Environment (ACME) API for all Google Cloud users, allowing them to automatically acquire and renew TLS certificates for free.

The ACME protocol was designed to automate TLS certificate lifecycle through APIs that are supported by dozens of clients, and has become the standard for certificate management across the internet, with most TLS certificates in the WebPKI being issued by ACME certificate authorities.

The protocol’s automated certificate renewal capabilities ensure that users do not experience outages, which are common with manual certificate renewals.

Now available to all users with a Google Cloud account, the Google Trust Services ACME API has been used to issue over 200 million certificates during the preview period. According to Google, the API provides the same compatibility that major services offer.

“The service recently expanded support for Google Domains customers. By further opening up the service, we’re adding another tool to Google’s Cyber Security Advancements, keeping individuals, businesses, and governments safer online through highly trusted and free certificates,” Google says.

To enhance the certificate ecosystem, the internet giant also announced the ACME Renewal Information (ARI) standard for renewal management and the general availability of multi-perspective domain validation (MPDV), for an enhanced certificate issuance process.

An Internet Engineering Task Force (IETF) draft authored by Let’s Encrypt, ARI is an extension to the ACME protocol that helps renew certificates if revocation occurs before expiration.

Advertisement. Scroll to continue reading.

Via an API, it informs service operators when a certificate must be replaced, helping with the management of large certificate populations.

MPDV ensures that domain control verification is performed from multiple locations, to improve the reliability of validation by preventing localized attacks that attempt to trick the verification checks.  

Related: NSA Warns of Risks Posed by Wildcard Certificates, ALPACA Attacks

Related: Bug Forces Let’s Encrypt to Revoke 3 Million Certificates

Related: Mozilla Joins Apple, Google in Reducing TLS Certificate Lifespans

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility