What are certificates?
On the internet, a public key certificate is needed in order to verify the identity of people or computers. These certificates are also called “SSL Certificates” or “Identity Certificates.” We will just call them “certificates” here.
In particular, certificates are needed to establish secure connections. Without certificates, you would be able to ensure that no one else was listening, but you might be talking to the wrong computer altogether! All Cyberguerrilla servers and all Cyberguerrilla services allow or require secure connections.
To make sure you are actually creating a secure connection with Cyberguerrilla, you can follow the below steps to verify our certificates. This verification process is not required in order to use Cyberguerrilla’s services. However, without verification, you cannot be certain you actually are connecting to our servers, and you cannot be certain that your connections are secure.
Verify Cyberguerrilla’s certificates
To verify these fingerprints, you need to look at what your browser believes the fingerprints are for the certificates and compare them to what is listed below. If they are different, there is a problem. Be warned: a complete verification is difficult and requires an understanding of OpenPGP.
The fingerprint for Cyberguerrilla’s certificates are:
- [ClearNet cyberguerrilla.org] cyberguerrilla.org
- [ClearNet cyberguerrilla.info] cyberguerrilla.info
This test will make a large number of connections to the server and will take around 2-5 minutes.
CyberGuerrilla Autonomous Nexus tech collective uses mandatory encryption on every domain or sub-domain it host!
As of January, 2016, the following are the fingerprints for CgAn’s certificates:
CgAn uses Let’s Encrypt certificates, Let’s Encrypt certificates currently has a 60 day lifetime.
- When an attacker compromises a certificate’s private key, they may bypass revocation checks and use that certificate until it expires. Shorter lifetimes decrease the compromise window in situations like Heartbleed.
- Offering free certificates with a shorter lifetime provides encouragement for operators to automate issuance. Automated issuance decreases accidental expiration, which in turn may reduce warning-blindness in end-users.
- Let’s Encrypt’s total capacity is bound by its OCSP signing capacity, and LE is required to sign OCSP responses for each certificate until it expires. Shorter expiry period means less overhead for certificates that were issued and then discarded, which in turn means higher total issuance capacity.
To check the fingerprint’s for CgAn certificates follow this url.
When should I verify these fingerprints?
You should verify these fingerprints whenever they change, or you are using a computer that you do not control (such as at an internet cafe, or a library). Find the fingerprint of the certificate in your browser. In most browsers, you can do this by clicking on the lock icon located in the location bar. This should bring up details about the certificate being used, including the fingerprint. Compare the fingerprint the browser reports with the fingerprints listed above.
If you want to better understand how our website certificate is deployed, use this link.
This test will make a large number of connections to the server and will take around 2-5 minutes.
Cyberguerrilla Autonomous Nexus tech collective uses mandatory encryption on every domain or sub-domain it host!
If u want to test our XMPP (Jabber) server jab.cyberguerrilla.org
- You can follow any responses to this entry through the .