Re: [tor-relays] tor hidden services & SSL EV certificate

On 12/29/2015 10:25 AM, Benoit Chesneau wrote:

I was at the talk this afternoon at the 32c3 and <i am wondering where can get a certificate for a .onion. Any service to suggest? Also where I should see to configure it correctly?

• benoit

You don't need one. Hidden services automatically get end-to-end authentication and encryption. Since that is handled by Tor and not by the browser, hidden service addresses use "http" rather than "https", but in this case the connection is nevertheless encrypted. It's technically redundant to add HTTPS. A few hidden services have added an HTTPS cert but I think that's mostly for a publicity stunt than anything else.