12-15-2015

Ordering a .Onion Certificate from DigiCert

We recently fielded a high volume of questions about how to obtain a SSL Certificate for a .onion address. This blog post should provide basic answers to queries regarding .onion certificates.

Background

As of September, .onion is recognized as a special-use domain by the IESG, which means they can be secured with SSL Certificates. (Previously .onion was considered an internal name.) Publicly trusted certificates authenticate organizations to Tor users and are an essential part to fighting phishing and MITM attacks. The CA/B Forum outlined guidelines for vetting .onion names, which you can read here.

Certificates Available for .Onion Sites

The Tor project is dedicated to helping users browse the web anonymously. However, getting a SSL Certificate to identify yourself (or an organization) to users is not about anonymity. This makes ordering a SSL Certificate for a .onion site a complicated process, which is why DigiCert adheres to the CA/B Forum guidelines for .onion certificates. When ordering a .onion certificate, make sure to remember the following:

  • EV Certificates: DigiCert only offers Extended Validation Certificates for .onion addresses.
  • Wildcard name: There is a unique use-case for these .onion EV Certificates that allows for a wildcard name to be used (e.g., *.yourdomain.onion).
  • Validity period: Under the CA/B Forum guidelines, .onion certificates can be issued for a validity period no longer than 15 months. (The DigiCert system will automatically adjust the validity period to 15 months based on the application to secure a .onion common name.)

How to Order a Certificate for a .Onion Address

To purchase a certificate for your .onion site, simply order an EV SSL or EV Multi-Domain SSL Certificate and fill out the order form.

UP NEXT

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

Featured Stories

VMC Blog Featured Image

Getting Your Logo in Your User's Inbox: Tips Learned from the VMC Gmail Pilot

06-21-2021

What Makes Digital Signatures Secure

06-11-2021

How Vaccine Passports Could Change Digital Identity