If you have ever thinking about TLS certificate for your onion website, now you can buy one. To be clear, getting certificate was already possible but very expensive.
One of the first providers was DigiCert, offering certificate for onion domain, and the price was about 350$. It was not expensive for Facebook, so they implemented it in their onion website.
Thanks to Harrica, a Root CA Operator founded by Academic Network (GUnet) now it’s much cheaper to have TLS certificate for your onion website and operate more securely in deep wild web.
We already know that communication through TOR is already encrypted, so the question is why should we use TLS for onion website?
Our Community portal page about onion services give you a list of reasons why a service admin would need a TLS certificate as part of their implementation. Here are some of them:
- Websites with complex setups and that are serving HTTP and HTTPS content
- To help the user verify that the .onion address is indeed the site you are hosting (this would be a manual check done by the user looking at the cert registration information)
- Some services work with protocols, frameworks, and other infrastructure that has HTTPS connection as a requirement
- In case your web server and your tor process are in different machines
Even we are talking about paid version, we really hope that in future providers like Lets Encrypt will be able to provide onion SSL certificate for FREE.
Also make sure you are doing it for onion v3 because Tor will no longer support v2 and support will be removed from the code base.