DigiCert

Security 101 12-15-2015

Ordering a .Onion Certificate from DigiCert


Last updated: April 2022

We recently fielded a high volume of questions about how to obtain a TLS/SSL certificate for a .onion address. This blog post should provide basic answers to queries regarding .onion certificates.

Background

As of 2015, .onion is recognized as a special-use domain by the IESG, which means .onion addresses can be secured with TLS certificates. (Previously, .onion was considered an internal name.) Publicly trusted certificates authenticate organizations to Tor users and are an essential part of fighting phishing and MITM attacks. The CA/B Forum outlined guidelines for vetting .onion names, which you can read .

Certificates available for .onion sites

The Tor project is dedicated to helping users browse the web anonymously. However, getting a TLS certificate to identify yourself (or an organization) to users is not about anonymity. This makes ordering a TLS certificate for a .onion site a complicated process, which is why DigiCert adheres to the . When ordering a .onion certificate, make sure to remember the following:

  • EV certificates: DigiCert only offers Extended Validation certificates for .onion addresses.
  • Wildcard name: There is a unique use-case for these .onion EV certificates that allows for a wildcard name to be used (e.g., *.yourdomain.onion).
  • Validity period: Under the CA/B Forum guidelines, .onion certificates can be issued for a validity period no longer than 15 months. (The DigiCert system will automatically adjust the validity period to 15 months based on the application to secure a .onion common name.)

How to order a certificate for a .onion address

To purchase a certificate for your .onion site, simply order an EV TLS or EV Multi-Domain TLS certificate and fill out the order form.
