How DigiCert and its partners are putting trust to work to solve real problems today.
While the world is pushed—or forced—toward digitizing all business processes, workflows and functions, the lessons from the early days of the Internet can be a predictor of success. Learn how Digital Trust can make or break your strategy and how the wrong solution may be setting your organization up for failure in less than three years.
View the webinar on-demand: “Taming Certificate Sprawl”
Last updated: April 2022
We recently fielded a high volume of questions about how to obtain a TLS/SSL certificate for a .onion address. This blog post should provide basic answers to queries regarding .onion certificates.
As of 2015, .onion is recognized as a special-use domain by the IESG, which means they can be secured with TLS certificates. (Previously .onion was considered an internal name.) Publicly trusted certificates authenticate organizations to Tor users and are an essential part to fighting phishing and MITM attacks. The CA/B Forum outlined guidelines for vetting .onion names, which you can read here.
The Tor project is dedicated to helping users browse the web anonymously. However, getting a TLS certificate to identify yourself (or an organization) to users is not about anonymity. This makes ordering a TLS certificate for a .onion site a complicated process, which is why DigiCert adheres to the CA/B Forum guidelines for .onion certificates. When ordering a .onion certificate, make sure to remember the following:
To purchase a certificate for your .onion site, simply order an EV TLS or EV Multi-Domain TLS certificate and fill out the order form.
© 2023 DigiCert, Inc. All rights reserved.
Legal Repository WebTrust Audits Terms of Use Privacy Policy Accessibility Cookie Settings Privacy Request Form