On September 18, Google reported the issuance of a not request and not authorized digital EV (Extended Validation) certificate, by Symantec’s Thawte Certification Authority, for google.com and www.google.com domains. In successive internal audits, Symantec delimited the incident to the issue of test certificates, but the inconsistency of the audits led Google to issue a tough review and place several requirements so that Symantec certificates can continue to be used in Google products.

[ full post in Portuguese ]