Certificate Watch
Warns when TLS certificates change over time.
What is Certificate Watch?
Stats
Chrome-Stats Rank
Other platforms
Summary
This add-on watches over the TLS certificates that websites present to you and warns when the certificate for a domain changes. If a new domain is encountered, its certificate is added to the local storage of this add-on. Future connections to that domain will check that the certificate is still the same as in the local storage.
The add-on icon can display three possible states:
- Stored: The certificate of the domain is the same as the one in storage.
- New: There is no previous certificate stored for this domain; the new one is automatically added to the storage.
- Changed: The certificate of the connection is different to the one in storage. This means, that the certificate of the website was changed. A click on the add-on icon will display more information and has the option to accept the new certificate into the local storage (overriding the old certificate).
Be aware of the following points:
- This add-on does not check that certificates are valid. The browser does this already. This add-on only compares certificates of connections that the browser deems safe.
- This add-on does not block any requests where the certificate has changed. It only informs the user of this fact. If the add-on displays a changed certificate, it is up to the user to decide what to do (e.g. leave the page, accept the certificate, or something else).
- This add-on implements Trust On First Use (TOFU): the first certificate that is encountered for a domain is automatically trusted. Only future changes will raise a warning.
- Users of this add-on should already have basic knowledge of how certificates for TLS connections work. The warnings generated by this add-on only make sense if the user can correctly interpret them.
- This add-on does not work in private browsing mode (see Firefox bug 1329304).
User reviews
Safety
Risk impact
Certificate Watch is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this add-on. Review carefully before installing. We recommend that you only install Certificate Watch if you trust the publisher.
Risk likelihood
Certificate Watch has earned a fairly good reputation and likely can be trusted.