Merlin
Certificate Watch

Certificate Watch

Warns when TLS certificates change over time.

What is Certificate Watch?
Certificate Watch is a Firefox add-on that watches over TLS certificates presented by websites and warns when the certificate for a domain changes. It helps users detect changes in certificates and make informed decisions about their online security.
Download
Merlin
Stats
By: PilzAdam
Users: 56 ▼ -6
Rating: 5.00 (2)
Version: 1.12.0 (Last updated: 2019-12-01)
Creation date: 2019-08-12
Weekly download count: NaN
Firefox on Android: No
Risk impact: High risk impact
Risk likelihood: Low risk likelihood
Manifest version: 2
Permissions:
  • https://*/*
  • wss://*/*
  • webRequest
  • webRequestBlocking
  • storage
  • unlimitedStorage
Size: 49.62K
URLs: Website
Stats date:

Chrome-Stats Rank

# 12324 ▼ 445
Other rankings
#24 in watch keyword 26 ▼ 3 #103 in match keyword 14 ▼ 5 #153 in catalog keyword 27 ▼ 3 #155 in category keyword 11 ▼ 7 #222 in override keyword 19 ▼ 7

Other platforms

Not available on Chrome
Not available on Edge
Want to check extension ranking and stats more quickly for other Firefox add-ons? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Firefox Browser Add-ons.
Chrome-Stats extension
Merlin
Summary
Analyze keywords

This add-on watches over the TLS certificates that websites present to you and warns when the certificate for a domain changes. If a new domain is encountered, its certificate is added to the local storage of this add-on. Future connections to that domain will check that the certificate is still the same as in the local storage.

The add-on icon can display three possible states:

  • Stored: The certificate of the domain is the same as the one in storage.
  • New: There is no previous certificate stored for this domain; the new one is automatically added to the storage.
  • Changed: The certificate of the connection is different to the one in storage. This means, that the certificate of the website was changed. A click on the add-on icon will display more information and has the option to accept the new certificate into the local storage (overriding the old certificate).
This add-on can be a countermeasure to attacks where the attacker has a valid certificate for the attacked website. Changes to the certificate that the browser happily accepts can no longer go unnoticed. The goal of this countermeasure is simply to make the user aware that something has changed; user intervention is still required.

Be aware of the following points:

  • This add-on does not check that certificates are valid. The browser does this already. This add-on only compares certificates of connections that the browser deems safe.
  • This add-on does not block any requests where the certificate has changed. It only informs the user of this fact. If the add-on displays a changed certificate, it is up to the user to decide what to do (e.g. leave the page, accept the certificate, or something else).
  • This add-on implements Trust On First Use (TOFU): the first certificate that is encountered for a domain is automatically trusted. Only future changes will raise a warning.
  • Users of this add-on should already have basic knowledge of how certificates for TLS connections work. The warnings generated by this add-on only make sense if the user can correctly interpret them.
  • This add-on does not work in private browsing mode (see Firefox bug 1329304).
User reviews
by igorlogius, 2023-09-05
View all user reviews
Safety
Risk impact

Certificate Watch is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this add-on. Review carefully before installing. We recommend that you only install Certificate Watch if you trust the publisher.

Risk likelihood

Certificate Watch has earned a fairly good reputation and likely can be trusted.

Upgrade to see risk analysis details
Screenshots
Certificate Watch Certificate Watch Certificate Watch Certificate Watch