💾 Archived View for kennedy.gemi.dev › certs › validator › about.gmi captured on 2024-03-21 at 15:09:36. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

🔏 Certificate and Key Validator

Getting a warning or error that a capsule's certificate or public key has changed can be scary. Why is the certificate or public key different?

Did the capsule innocently update it's certificate or public key?
Is a hacker trying to impersonate the capsule and trick you?

While the likelihood of someone trying to hack or trick you is extremely low, blindly clicking "yes" for security-related questions isn't a good habit. So how can someone determine if a change is innocent or malicious?

A good way to find out is by communicating with someone else and asking them what certificate or public key they received from the capsule. If the warning or error you are seeing is caused by an innocent certificate change, the other person should see the same certificate and public key as you see. If the other person sees something different, it's possible that someone is trying to trick you.

Kennedy's Certificate and Key Validator lets you do this:

You submit a URL or domain name to Kennedy.
Kennedy accesses the capsule and looks at the certificate and public key.
Kennedy computes and displays the common secure hashes or "fingerprints" of the certificate that various Gemini clients use.
You compare the fingerprints of the certificate or key that Kennedy is getting with what you are getting.
If they match, this is most likely an innocent update on the capsule. You can proceed.
If they don't match, something strange could be happening, and you should not proceed.

Validate a capsule's certificate and public key