Google is working on a way to display better AMP URLs. This improvement relies on an emerging web packaging technology: Signed HTTP Exchange. The process works like this:
For more information about what Google is doing, see .
As part of the Signed HTTP Exchange technology specifications, the TLS certificate used to sign the exchange requires a special extension, CanSignHttpExchanges, and an Elliptic Curve Cryptography (ECC) keypair. ¶ºÒõ¹Ý is happy to be among the very first CAs to support this extension in an ECC TLS certificate as we seek to encourage innovative technologies and the advancement of web protocols.
You'll need two certificates for the server: one for TLS connections and one for signing the HTTP exchanges.
To get your TLS certificate with the CanSignHttpExchanges extension included so you can start testing out this AMP URL improvement, you'll need a CertCentral account with the HTTP Signed Exchange feature enabled. For more details, see .
Already have a ¶ºÒõ¹Ý account? Don't worry, our experts can help you manage your account. Reach out to your account representative or contact our Support team.