136 private links
Historically, Chrome has integrated with the Root Store provided by the platform on which it is running. Chrome is in the process of transitioning certificate verification to use a common implementation on all platforms where it's under application control, namely Android, Chrome OS, Linux, Windows, and macOS. Apple policies prevent the Chrome Root Store and verifier from being used on Chrome for iOS. This will ensure users have a consistent experience across platforms, that developers have a consistent understanding of Chrome's behavior, and that Chrome will be better able to protect the security and privacy of users' connections to websites.
For CAs that already participate in other public Root Programs, such as the Mozilla Root Program, many of these requirements and processes should be familiar.
During this transition, the Chrome Root Store contains a variety of existing Certification Authorities' certificates that have historically worked in Chrome on the majority of supported platforms. This promotes interoperability on different devices and platforms, and minimizes compatibility issues. This should ensure as seamless a transition as possible for users.
In addition to compatibility considerations, CAs have been selected on the basis of past and current publicly available and verified information, such as that within the Common CA Certificate Database (CCADB).
For Certification Authorities that have not been included as part of this initial Chrome Root Store, questions can be directed to chrome-root-authority-program@google.com. Priority is given to CAs that are widely trusted on platforms that Chrome supports, in order to minimize compatibility issues.
Let's Encrypt will start signing certificates with its own root certificate,
ISRG Root X1. It was included in the Root Certificate program in 2016, but
there are still plenty of devices online that haven't received updates since
then (#TheHorror).
This module uses a rule-based rewriting engine (based on a regular-expression parser) to rewrite requested URLs on the fly. It supports an unlimited number of rules and an unlimited number of attached rule conditions for each rule, to provide a really flexible and powerful URL manipulation mechanism. The URL manipulations can depend on various tests, of server variables, environment variables, HTTP headers, or time stamps. Even external database lookups in various formats can be used to achieve highly granular URL matching. This module operates on the full URLs (including the path-info part) both in per-server context (httpd.conf) and per-directory context (.htaccess) and can generate query-string parts on result. The rewritten result can lead to internal sub-processing, external request redirection or even to an internal proxy throughput.