[tor-project] Which domains have onion addresses with EV Certs

Mike Tigas mike at tig.as
Sat May 7 19:47:49 UTC 2016


Per Paul's question about EV onion certs specifically: the public
Certificate Transparency logs are pretty great. They allow some audit
trail on cert issuance, revocations, reissues, etc. -- and the data
includes the "browser-friendly" .onion EV certs that DigiCert is issuing.

https://www.certificate-transparency.org/

Comodo has a pretty decent search interface for CT logs that aggregates
the various log servers, so you can search for things like "%.onion":

https://crt.sh/?q=%25.onion

Looks like that search result list also includes subjectAltNames and
things like that for multi-domain certs, which is pretty nice.

But this'll only be for the few CA-issued EV certs that exist, not the
common cases of self-signed certs or onion sites serving TLS with their
clearnet domain cert. (Those two cases seem to be the bulk of the older
wiki lists and what Juha reported.)

Best,

-- 
Mike Tigas
News Applications Developer, ProPublica
https://www.propublica.org/
@mtigas | https://mike.tig.as/ | 0xA993E7156E0E9923
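
The audit described in the message above, as an added example that is not part of the original post or any Tor Project code: it groups CT search results by onion address and lists the clearnet subjectAltNames that share a certificate with each one. It assumes records shaped like crt.sh's JSON output (`output=json`, with `id`, `issuer_name` and newline-separated `name_value` fields); the sample records and every hostname in them are constructed.

```python
import json
from collections import defaultdict

# Constructed records in the assumed shape of crt.sh JSON output; not real log data.
SAMPLE = r'''[
 {"id": 1001, "issuer_name": "CN=Example EV CA",
  "name_value": "www.example.org\nexampleonionaaaa.onion\nwww.exampleonionaaaa.onion"},
 {"id": 1002, "issuer_name": "CN=Example EV CA",
  "name_value": "EXAMPLEONIONAAAA.onion\nexample.org"},
 {"id": 1003, "issuer_name": "CN=Example EV CA", "name_value": "*.exampleonionbbbb.onion"},
 {"id": 1004, "issuer_name": "CN=Other CA", "name_value": "onion.example.net"}
]'''
RECORDS = json.loads(SAMPLE)


def split_names(name_value):
    """Yield normalised DNS names from one newline-separated name_value field."""
    for raw in name_value.splitlines():
        # Lower-case, drop a trailing dot, and fold a wildcard into its base name.
        name = raw.strip().lower().rstrip(".").removeprefix("*.")
        if name:
            yield name


def onion_base(name):
    """Return '<label>.onion' for any name under .onion, else None."""
    labels = name.split(".")
    if len(labels) >= 2 and labels[-1] == "onion" and labels[-2]:
        return ".".join(labels[-2:])
    return None


def index_onions(records):
    """Map each onion address to the cert ids, issuers and clearnet SANs seen with it."""
    index = defaultdict(lambda: {"certs": set(), "issuers": set(), "clearnet": set()})
    for rec in records:
        names = set(split_names(rec.get("name_value", "")))
        onions = {o for o in map(onion_base, names) if o}
        clearnet = {n for n in names if onion_base(n) is None}
        for onion in onions:
            entry = index[onion]
            entry["certs"].add(rec["id"])
            entry["issuers"].add(rec.get("issuer_name", ""))
            entry["clearnet"] |= clearnet
    return dict(index)


if __name__ == "__main__":
    print(json.dumps(index_onions(RECORDS), default=sorted, indent=1))
```
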
