Pre-generated trust stores for various Gemini clients
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
nervuri d66aef523e
run 4
3 days ago
agunua run 4 3 days ago
amfora run 4 3 days ago
certs run 4 3 days ago
lagrange run 4 3 days ago
.gitignore init 1 week ago
LICENSE.txt init 1 week ago init 1 week ago
cert-details.csv run 4 3 days ago run 4 3 days ago
hosts run 1 1 week ago
log-stderr run 4 3 days ago
log-stdout run 4 3 days ago

Gemini Trust Stores

Geminispace is (currently) small enough that we can afford to download all known capsules' TLS certificates and use them to generate trust stores for various Gemini clients. If verified via multiple network perspectives, using a pre-generated trust store is a major improvement over blindly trusting-on-first-use.

This repo contains:

  1. All TLS certificates of capsules listed in gemini://, updated every few days (no more than a week). This will give us a history of certificates in Geminispace, starting in 2021-04-27.
  2. A table containing details about each certificate (markdown and CSV).
  3. Trust stores for various Gemini clients, currently:

You can find instructions on how to use them in their respective directories.

The scripts used to generate these files are available here. The Tor option is used, so most certificates are attested to from at least two network perspectives.

All commits are signed with this GPG key (B769BD004A417E3A5A902DD1C4769EEA7BA61672).

You don't need to trust that I am publishing the correct certificates. The scripts should be easy to understand; I encourage you to run them yourselves and generate these files from your own network perspectives. If the results don't coincide with what I've published, please let me know.

How to contribute

The project is hosted at If you don't want to make an account, just shoot me an email with your patch/suggestion/bug report/whatever else.