National certification authority certificates

Any site processing user data must have a valid certificate. It allows the browser to verify that it's sending data to the correct site specified in the address bar, and not to its copy create by malicious actors.

Yandex Browser, like other modern browsers, won't open sites that had their certificates revoked. Some Russian sites have faced refusals to issue certificates. To assure users that sending data to these sites was safe, the Russian National Certification Authority was established, a dedicated entity fully trusted by Yandex Browser.

Certification

The first Russian national certification authority was created as part of the Gosuslugi platform, Russia's portal of public services. To obtain a certificate, the site owner must submit an application. The Gosuslugi service verifies the ownership of the domain, adds it to a public list or Certificate Transparency (CT) log, and issues a certificate.

Like other CAs, the National Certification Authority only verifies domain ownership. The site owner doesn't share the personal information of its users with Gosuslugi.Certificates issued by the National Certification Authority are used solely for the secure exchange of secret keys between the user and the site. They can't be used to decrypt traffic.

Yandex Browser trust model

In Yandex Browser, the trust model for certificates issued by the National Certification Authority differs based on their issue date.

Before May 19, 2022

National Certification Authority certificates are recognized for domains that are included in the public list. Yandex Browser blocks access to sites that are missing from the list. In addition, you can't obtain a wildcard certificate that covers all second-level domains (for example, all *.ru domains), as Yandex Browser doesn't support them.

After May 19, 2022

National Certification Authority certificates are recognized for domains that are included in the Certificate Transparency public log. The CT standard is designed to monitor the work of certification authorities and identify certificates that were issued by mistake or for fraudulent purposes.

What will change for the user

Nothing. When you open a site with a certificate from the National Certification Authority in Yandex Browser, you'll see the icon in the SmartBox. It indicates that the site can ensure secure transfer of data thanks to encryption.

<,span,class="button",>Contact support
Previous
Block loading of unsafe content
Next
Checking downloaded files for viruses