Homepage / Archive index / Blog index

tl;dr

The Swiss Bay has its own CA, so please download it and install its public key in your browser. This will allow you to use our secure endpoint and not get any authenticity warning. Please follow one of the guides below:

Trusting HTTPS

If you've landed on this page, it probably means you are paranoid towards common Certificate Authorities and want some peace of mind. In that case, we have just what you need.

The reason is simple: trust.

Any website running HTTPS needs a special certificate that has been issued and signed by a publicly recognized certificate authority (CA). As such, a website visitor not only has to trust the website he's visiting but also that website's CA, because it's that entity which ensures that no MITM/phishing is going on.

However, since the CA is the only certificate provider, it might as well issue and sign certificates itself on behalf of the website owner and set up a fake copy of the original website. The user won't even notice it, because the CA is in its trusted list.

To circumvent this problem, one would need to get rid of external CAs and issue and sign certificates himself. And that's exactly what The Swiss Bay did.

This ensures that when you visit paranoid.theswissbay.ch through HTTPS, it's really The Swiss Bay and not a fake server. Why ? Because nobody can issue a valid certificate in our name, provided you ensure that the webpage you're on has its certificate issued by 'The Swiss Bay Root CA'.

From 01.05.2023
To get going, follow these steps:

  1. Fetch our GPG key: gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys B2D1F566BF9C655C0C19887B416FD4144343661F or download it directly.
  2. Get the signed CA public key.
  3. Extract and verify the file: gpg TSB_Issuing_CA.pem.asc.
  4. Install the TSB_Issuing_CA.pem file into your browser using the guides above.
  5. You should now be able to access paranoid.theswissbay.ch without warnings.

Until 30.04.2023
To get going, follow these steps:

  1. Fetch our GPG key: gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys B2D1F566BF9C655C0C19887B416FD4144343661F or signed CA public key.
  2. Extract and verify the file: gpg TSBRootCA.pem.asc.
  3. Install the TSBRootCA.pem file into your browser using the guides above.
  4. You should now be able to access paranoid.theswissbay.ch without warnings.

Note: check back on this page in early 2026 as the CA will be renewed at that time.