Google is working on a way to display better AMP URLs. This improvement relies on an emerging web packaging technology: Signed HTTP Exchange. The process works like this:
For more information about what Google is doing, see Signed HTTP Exchanges.
As part of the Signed HTTP Exchange technology specifications, the TLS certificate used to sign the exchange requires a special extension, CanSignHttpExchanges, and an Elliptic Curve Cryptography (ECC) keypair. DigiCert is happy to be among the very first CAs to support this extension in an ECC TLS certificate as we seek to encourage innovative technologies and the advancement of web protocols.
You'll need two certificates for the server: one for TLS connections and one for signing the HTTP exchanges.
To get your TLS certificate with the CanSignHttpExchanges extension included so you can start testing out this AMP URL improvement, you'll need a CertCentral account with the HTTP Signed Exchange feature enabled. For more details, see Get your Signed HTTP Exchange certificate.