HOWTO: confirm authenticity of cryptostorm.is & cryptostorm.org SSL certs

Post by cryptostorm_admin » Sat Feb 14, 2015 11:11 am

{direct link: cryptostorm.org/sslcerts}

Here are the currently-installed SSL certificates (public exponent) for our two main production websites, cryptostorm.org & cryptostorm.is. We will also add certificate materials for secondary domains such as torstorm.org, as well as keep this post updated with current materials as we upgrade or otherwise adjust our CA credentials server-side.

Note that neither of these two identity-verifying server certificates is part of connections to cryptostorm's network; rather, they simply exist to confirm that the websites folks are visiting using TLS/SSL (https protocol) are actually the websites we run, and not a Man-In-The-Middle replacement undertaken by an attacker.

Since there is very little sensitive information passed back and forth to these two websites - certainly nothing relating to secure connections to the cryptostorm network which is entirely decoupled from these websites and even the physical servers on which they are hosted - this is somewhat overkill. Indeed, these certificates are not part of the actual encipherment of https packets that takes place when visits to these two websites are undertaken; that process happens within the context of ephemerally-generated cryptographic keying algorithms, and is not dependent on PKI credentials to function (except insofar as such credentials, of course, confirm the identity of the server-side entity initiating the cryptographically-secured communications channel).

Even so, it is good security practice, and it helps us to become comfortable with the concepts of cryptographic identity validation, MiTM attack vectors, spoofed credentials, hash fingerprint collision attacks, and so forth. (These cert materials are also used to validate some of our TLS-secured email communications.)


for cryptostorm.is
(which we are in process of replacing; more news when that process has completed)
SHA1 fingerprint (which we prefer not to use given cipher weakness - more info): 34733139F5970913F0DEB376E17070A446AA782C
MD5 fingerprint (even worse): B90CC8CC7122E89ABBBE7CDFB53A3FC7
serial number: c4:21:3a:92:fc:d7:46:2f:e7:f6:69:a3:cb:56:2c:49
serial number (base-10): 260701220995494372255927105941767859273
OCSP authority verification: ocsp.comodoca.com
certificate revocation authority: issuing CA (Comodo)
certificate signature algorithm: SHA256 / RSA 2048 keylength
domain control validation: keybase.io

ASCII-armoured PEM format:


unpacked x.509 content:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c4:21:3a:92:fc:d7:46:2f:e7:f6:69:a3:cb:56:2c:49
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
        Validity
            Not Before: Jan 20 00:00:00 2015 GMT
            Not After : Jan 20 23:59:59 2016 GMT
        Subject: OU = Domain Control Validated, OU = PositiveSSL, CN = http://www.cryptostorm.is
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7

            X509v3 Subject Key Identifier:
                64:73:02:27:B3:B7:37:5E:84:90:01:F5:36:F5:A0:4D:1A:5D:A3:55
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.6449.1.2.2.7
                  CPS: https://secure.comodo.com/CPS
                Policy: 2.23.140.1.2.1

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl

            Authority Information Access:
                CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
                OCSP - URI:http://ocsp.comodoca.com

            X509v3 Subject Alternative Name:
                DNS:www.cryptostorm.is, DNS:cryptostorm.is
    Signature Algorithm: sha256WithRSAEncryption



for cryptostorm.org
SHA1 fingerprint (which we prefer not to use given cipher weakness - more info): 0B2FFB917D3F854D8CC20EB8D5A058EDC5BFCB77
MD5 fingerprint (even worse): 1BA0B5743FB92D90176F19A8F2E8956F
serial number: 45:e6:3b:46:68:5e:58:64:2a:74:15:2b:3b:1f:83:ac
serial number (base-10): 92912162227060694496431001262811481004
OCSP authority verification: ocsp.comodoca.com
certificate revocation authority: issuing CA (Comodo)
certificate signature algorithm: SHA256 / RSA 2048 keylength
domain control validation: keybase.io

ASCII-armoured PEM format:


unpacked x.509 content:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:e6:3b:46:68:5e:58:64:2a:74:15:2b:3b:1f:83:ac
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
        Validity
            Not Before: Aug 19 00:00:00 2014 GMT
            Not After : Aug 18 23:59:59 2017 GMT
        Subject: OU = Domain Control Validated, OU = PositiveSSL, CN = cryptostorm.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7

            X509v3 Subject Key Identifier:
                DB:A1:A0:D0:C7:83:65:6F:99:EC:59:DF:09:22:AA:A3:F7:45:5C:E6
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.6449.1.2.2.7
                  CPS: https://secure.comodo.com/CPS
                Policy: 2.23.140.1.2.1

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl

            Authority Information Access:
                CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
                OCSP - URI:http://ocsp.comodoca.com

            X509v3 Subject Alternative Name:
                DNS:cryptostorm.org, DNS:www.cryptostorm.org
    Signature Algorithm: sha256WithRSAEncryption
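
An added example, not part of the original post and not cryptostorm's own tooling: one way to check a certificate against values published like those above, by hashing the DER encoding for the fingerprint and reading the serial number directly out of the ASN.1 structure. All function names are hypothetical, and the sample input is a constructed DER skeleton (not a real certificate) that carries the cryptostorm.is serial from the post.

```python
import base64
import hashlib
import hmac

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and decode the base64 body to raw DER."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    return base64.b64decode("".join(l for l in lines if l and not l.startswith("-----")))

def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """A certificate fingerprint is the hash of the complete DER encoding."""
    return hashlib.new(algo, der).hexdigest()

def matches(der: bytes, published: str, algo: str) -> bool:
    """Compare against a published value, ignoring case, colons and spaces."""
    wanted = published.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(fingerprint(der, algo), wanted)

def _tlv(buf: bytes, pos: int):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def serial_number(der: bytes) -> int:
    """Walk Certificate -> tbsCertificate -> [0] version -> serialNumber."""
    _, pos, _ = _tlv(der, 0)
    _, pos, _ = _tlv(der, pos)
    tag, start, end = _tlv(der, pos)
    if tag == 0xA0:                        # explicit version tag, present in v3 certs
        tag, start, end = _tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(der[start:end], "big")

def serial_from_text(text: str) -> int:
    """Convert the colon-separated hex serial shown in the post to base-10."""
    return int(text.replace(":", ""), 16)

# Constructed sample: a DER skeleton (not a valid certificate) carrying the
# cryptostorm.is serial from the post, so the parser has something to read.
PUBLISHED_SERIAL = "c4:21:3a:92:fc:d7:46:2f:e7:f6:69:a3:cb:56:2c:49"
_serial = b"\x00" + bytes.fromhex(PUBLISHED_SERIAL.replace(":", ""))
_tbs = b"\xa0\x03\x02\x01\x02" + bytes([0x02, len(_serial)]) + _serial
SAMPLE_DER = bytes([0x30, len(_tbs) + 2, 0x30, len(_tbs)]) + _tbs
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
```

To check a live site, pass the PEM string returned by `ssl.get_server_certificate((host, 443))` to `pem_to_der`, then call `matches` and `serial_number` on the result.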