verification client

independent certificate verification

verify zerotail infrastructure certificates on your own machine. no trust required.

download

bash script

portable shell script for unix/linux/macos

curl https://zerotail.cc/client/verify-zerotail.sh -o verify-zerotail.sh
chmod +x verify-zerotail.sh
./verify-zerotail.sh

download verify-zerotail.sh

what it does

fetches certificate data from zerotail.cc public api
connects directly to each monitored host
extracts live certificate fingerprints using openssl
compares api data vs live connections
reports any mismatches or anomalies

requirements

bash shell
curl (http requests)
openssl (certificate verification)
network access to zerotail.cc and monitored hosts

example output

zerotail certificate verification client v1.0.0

[1/4] fetching certificate data from https://zerotail.cc/api/public/certs
[2/4] parsing certificate data

[3/4] verifying certificates against live connections

  [ OK ] helium.zerotail.org - certificate matches
  [ OK ] neon.zerotail.org - certificate matches
  [ OK ] argon.zerotail.org - certificate matches
  [ OK ] blog.zerotail.org - certificate matches
  [ OK ] support.zerotail.org - certificate matches
  [ OK ] mail.zerotail.org - certificate matches

[4/4] verification summary
  total certificates: 6
  matching:           6
  mismatched:         0
  failed:             0

all certificates verified successfully
view detailed status at https://zerotail.cc

exit codes

0 - all certificates verified successfully
1 - certificate mismatches detected (investigate immediately)
2 - missing required binaries
3 - network error or all checks failed
4 - no certificates found in api response

why independent verification matters

certificate verification should not rely solely on the infrastructure provider. this client allows you to independently verify zerotail's certificates by:

running on your own machine (not zerotail servers)
connecting directly to services (no proxy or intermediary)
comparing multiple data sources (api vs live connections)
detecting potential man-in-the-middle attacks

what to do if mismatches are detected

verify your network connection is not compromised
check zerotail.cc status page for service alerts
run the script from multiple networks/locations
contact zero@ghostbox.cc if issues persist

api endpoint

GET https://zerotail.cc/api/public/certs

returns json with certificate data for all monitored hosts

source code

full source available at: codeberg.org/ZeroTail/OpenSecStatus

zerotail infrastructure status