Pre-generated trust stores for various Gemini clients
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
nervuri 1fc11c8eb2
run 133
2 weeks ago
agunua run 133 2 weeks ago
amfora run 133 2 weeks ago
certs run 133 2 weeks ago
lagrange run 133 2 weeks ago
.gitignore run 21 2 years ago
LICENSE.txt init 2 years ago README: change update period to once/week 11 months ago
cert-details.csv run 133 2 weeks ago run 133 2 weeks ago
hosts run 133 2 weeks ago
log-stderr run 133 2 weeks ago
log-stdout run 133 2 weeks ago

Gemini Trust Stores

Geminispace is (currently) small enough that we can afford to download all known capsules' TLS certificates and use them to generate trust stores for various Gemini clients. If verified via multiple network perspectives, using a pre-generated trust store is a major improvement over blindly trusting-on-first-use.

This repo contains:

  1. All TLS certificates of capsules listed on and Lupa, updated about once per week. This gives us a history of certificates in Geminispace, starting in 2021-04-27.
  2. A table containing details about each certificate (markdown and CSV).
  3. Trust stores for various Gemini clients, currently:

You can find instructions on how to use them in their respective directories.

The scripts used to generate these files are available here. The Tor option is used, so most certificates are attested to from at least two network perspectives.

All commits are signed with this GPG key (B769BD004A417E3A5A902DD1C4769EEA7BA61672).

You don't need to trust that I am publishing the correct certificates. The scripts should be easy to understand; I encourage you to run them yourselves and generate these files from your own network perspectives. If the results don't coincide with what I've published, please let me know.

How to contribute

The project is hosted at If you don't want to make an account, just shoot me an email with your patch/suggestion/bug report/whatever else.