[tor-project] Which domains have onion addresses with EV Certs

Mike Tigas mike at tig.as
Sat May 7 19:47:49 UTC 2016

Per Paul's question about EV onion certs specifically: the public
Certificate Transparency logs are pretty great. They allow some audit
trail on cert issuance, revocations, reissues, etc. -- and the data
includes the "browser-friendly" .onion EV certs that DigiCert is issuing.


Comodo has a pretty decent search interface for CT logs that aggregates
the various log servers, so you can search for things like "%.onion":


Looks like that search result list also includes subjectAltNames and
things like that for multi-domain certs, which is pretty nice.

But this'll only be for the few CA-issued EV certs that exist, not the
common cases of self-signed certs or onion sites serving TLS with their
clearnet domain cert. (Those two cases seem to be the bulk of the older
wiki lists and what Juha reported.)


Mike Tigas
News Applications Developer, ProPublica
@mtigas | https://mike.tig.as/ | 0xA993E7156E0E9923

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20160507/4604f6cf/attachment.sig>

More information about the tor-project mailing list