[tor-talk] How to pin the SSL certificate for torproject.org?

Tom Ritter tom at ritter.vg
Fri Jul 6 16:02:31 UTC 2012


On 6 July 2012 11:46,  <proper at secure-mail.biz> wrote:
> A malicious certificate for torproject.org has been given out at least twice by broken certificate authorities. (Comodo, DigiNotar, who is next...)
>
> To prevent that in future, I'd like to pin the SSL certificate's fingerprint. How can that be done? Running my own local CA, or is there an easier way?

In what application?

In Chrome, your best bet would be to compile Chromium and add the
project cert into their pinned list in the code before doing so.
In Firefox, you'd probably be best served by using Convergence or
CertPatrol to verify the certificate through external validators or
notify you if the certificate changes (respectively).

In other applications: IE, wget, curl, etc - there aren't any
'prebuilt' options - you'd have to write some sort of plugin or hook
yourself.

-tom
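
An added example, not part of the original thread and not code from any project named in it: one way a self-written pinning hook could look for a script-driven client in Python. All function names are assumptions, and the sample pin is computed from constructed stand-in bytes, not from the torproject.org certificate.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """The server certificate matched none of the pinned fingerprints."""


def normalize(fp):
    """Accept 'AA:BB:...' or plain hex; return 64 lowercase hex chars."""
    cleaned = fp.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint: %r" % (fp,))
    return cleaned


def fingerprint(der):
    """SHA-256 of the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def pin_matches(der, pins):
    """True if the certificate matches any pin (e.g. current plus backup)."""
    seen = fingerprint(der)
    return any([hmac.compare_digest(seen, normalize(p)) for p in pins])


def open_pinned(host, pins, port=443, timeout=10.0):
    """Return a TLS socket only if CA validation AND the pin check pass."""
    ctx = ssl.create_default_context()  # CA and hostname checks stay on
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    der = tls.getpeercert(binary_form=True)  # leaf certificate, DER bytes
    if not pin_matches(der, pins):
        tls.close()
        raise PinMismatch("%s presented %s" % (host, fingerprint(der)))
    return tls  # caller sends its request on this same, already-checked socket


# Constructed sample: stand-in bytes, not a real certificate or a real pin.
SAMPLE_DER = b"constructed stand-in for a DER-encoded certificate"
_hex = fingerprint(SAMPLE_DER).upper()
SAMPLE_PIN = ":".join(_hex[i:i + 2] for i in range(0, 64, 2))
```

A pin on the leaf certificate stops matching as soon as the site renews it, so the pin list has to be updated through a channel other than the connection being checked.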

