Secure SSL/TLS Certificate Thumbprint Retrieval Service provides a remote X.509 certificate thumbprint retrieval service protected by keys independent of the public key infrastructure. This gives users the ability to detect man-in-the-middle attacks that use valid certificates.

Additionally, this service can provide checks for self-signed certificates. Since this service provides a protected retrieval mechanism independent of the PKI, certificates can be validated regardless of their signatures. The only unprotected state is between the servers and the server it is retrieving a certificate from. Therefore, the only attack this service cannot protect against is a man-in-the-middle attack on the server itself. However, these attacks are very rare compared to attacks on clients.

To get a browser plugin to utilize the service, visit the Browser Plugins page.
For more information about how this service works and what it protects against, visit the About page.
To get the details of the protocol, visit the Protocol page.
To check the status of the service, visit the Service Status page.