Hell hath no fury like a search giant scorned. Google this week warned Symantec that, as of June 1, any certificates that don't meet transparency requirements will be deemed insecure.

The threat comes after Symantec revealed it had issued thousands of fraudulent security certificates for numerous domains, including Google.

Upon initial inspection in September, the software maker revealed that 23 SSL certificates—which allow secure connections from a Web server to a browser—were issued without the domain owner's knowledge.

With a few extra clicks, Google found several more questionable certificates. Then a month later, Symantec announced an additional 164 certificates over 76 sites, and 2,458 certificates issued for unregistered domains.

"It's obviously concerning that a CA [certificate authority] would have such a long-running issue and that they would be unable to assess its scope after being alerted to it and conducting an audit," software engineer Ryan Sleevi wrote in a blog post.

Related Google Yanks Trust for Chinese Digital Certificate Agency

So Google issued an ultimatum: Starting next summer, all Symantec-issued certificates must support the Chromium Certificate Transparency policy, or else. In the short term, the Web titan requested an updated incident report, in which Symantec explains why it did not detect the additional certificates found so easily by Google. And, in true detention-hall style, Google also asked Symantec what it thinks caused each slip-up, and what the company will do to fix them.

Symantec did not immediately respond to a request for comment.

Further Reading

Security Reviews