adrelanos: > A malicious certificate for torproject.org has been given out at least > twice by broken certificate authorities. (Comodo, DigiNotar, who is next...) > > To prevent that in future, I'd like to pin the SSL certificate's > fingerprint. How can that be done? Running an own local CA or is there > an easier way? > > How to download the SSL public key from torproject.org and sign it with > a local CA? >
Old unsolved thread. This is now answered: https://sourceforge.net/p/whonix/wiki/Dev_sslcertpinning/ _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
