Pre-generated trust stores for various Gemini clients
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
nervuri 109c8e3077
run 56
2 days ago
agunua run 56 2 days ago
amfora run 56 2 days ago
certs run 56 2 days ago
lagrange run 56 2 days ago
.gitignore run 21 5 months ago
LICENSE.txt init 7 months ago run 13 6 months ago
cert-details.csv run 56 2 days ago run 56 2 days ago
hosts run 56 2 days ago
log-stderr run 56 2 days ago
log-stdout run 56 2 days ago

Gemini Trust Stores

Geminispace is (currently) small enough that we can afford to download all known capsules' TLS certificates and use them to generate trust stores for various Gemini clients. If verified via multiple network perspectives, using a pre-generated trust store is a major improvement over blindly trusting-on-first-use.

This repo contains:

  1. All TLS certificates of capsules listed on and Lupa, updated every few days (no more than a week). This gives us a history of certificates in Geminispace, starting in 2021-04-27.
  2. A table containing details about each certificate (markdown and CSV).
  3. Trust stores for various Gemini clients, currently:

You can find instructions on how to use them in their respective directories.

The scripts used to generate these files are available here. The Tor option is used, so most certificates are attested to from at least two network perspectives.

All commits are signed with this GPG key (B769BD004A417E3A5A902DD1C4769EEA7BA61672).

You don't need to trust that I am publishing the correct certificates. The scripts should be easy to understand; I encourage you to run them yourselves and generate these files from your own network perspectives. If the results don't coincide with what I've published, please let me know.

How to contribute

The project is hosted at If you don't want to make an account, just shoot me an email with your patch/suggestion/bug report/whatever else.