Extended Validation Certificates are (Really, Really) Dead


I think EV is still the only type of non-selfsigned certificate granted for a .onion, but maybe that is also going to change sometime.

I am aware that SSL certificate doesn’t make sense with onions most of cases (unless you have the .onion and actual service on different servers or are Facebook/similar possibly).

Ah I didn’t even think of that situation! I very much hope this will push the CAB to allow DV certificates for .onion domains rather than only EV certificates, that would be fantastic.

I’m glad EV certificates are dead. Never made sense.

1 Like