Very easily, in fact
2. Determining if it will react to certificate authority changes, and proceed to the next step if it doesn't.
3. Generate a trusted certificate with an extra certificate in the X.509 chain.
If you don't know already, Google has a CA, so they can
Once you know enough about browsers, HTTPS, TCP, X.509, RSA, CAs, protocol design, 802.XX, ... it will become trivial.