ProtonMail’s SSL Certificate


January 19th, 2016 update:

We have upgraded our SSL certificate!  The new fingerprint can be found in our knowledge base: https://protonmail.com/support/knowledge-base/protonmails-ssl-certificate/

NOTE: ProtonMail may use different SSL certificates for our subdomains; the information below only pertains to our main site, protonmail.com.

ProtonMail is all about privacy and we want to do our best to protect everyone’s data and communication. When accessing protonmail.ch, the transmission of information between your browser and our servers in Switzerland is always encrypted and protected by HTTPS. While this is not the same as the end-to-end encryption concept of PGP, it is nevertheless important for protecting you from man-in-the-middle attacks and other forms of communication eavesdropping.

For HTTPS, each website has an SSL certificate that is verified by a trusted certificate authority. The certificate authority that vouches for ProtonMail is QuoVadis Trustlink Schweiz AG, which is a subsidiary of the Swiss postal service. A modern browser should automatically check the validity of the certificate of an HTTPS-protected website and alert you if it detects something untrustworthy. For the most security-conscious users who want to check manually, the SHA1 hash/fingerprint/thumbprint of our certificate is:

0C 13 D9 0D 85 8A B7 8D 14 5E 9C 59 5B FE 2D 2E 3D 67 86 51

 

 

The fingerprint for app.protonmail.ch is:

95 20 1C 7D 7D 3D BE E4 4E EF AB 93 00 A1 E3 45 F5 AB A8 59

 

If this matches what you see in your browser, then you know you are communicating with the real ProtonMail website and using the correct public key to encrypt your sensitive information, so that only ProtonMail can decrypt it.

 

You can check it in Chrome as follows:

Click on the lock button in front of the URL.

Go to Connection and click on Certificate Information.


 

In Details, show All and verify that the Thumbprint matches the one above (make sure you are looking at the certificate for protonmail.ch, not QuoVadis Trustlink Schweiz AG).

You can check it in Firefox as follows:

Click on the lock button in front of the URL and click on More Information.

Go to Security and click on View Certificate.


 

In General, verify that the SHA1 Fingerprint matches the one above (make sure you are looking at the certificate for protonmail.ch, not QuoVadis Trustlink Schweiz AG).
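The same check the browser steps above perform can be scripted. The following is an added example, not ProtonMail's code: it hashes the site's own (leaf) certificate in DER form and compares the result with a published fingerprint written in the spaced format used in this post. The function names and `SAMPLE_DER` are hypothetical, and `SAMPLE_DER` is constructed stand-in data rather than a real certificate.

```python
import hashlib
import hmac
import socket
import ssl
import sys


def normalize(fingerprint: str) -> str:
    """Reduce '0C 13 D9 ...' or '0c:13:d9:...' to 40 lower-case hex digits."""
    digits = "".join(c for c in fingerprint if c not in " :\t\r\n").lower()
    if len(digits) != 40 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a SHA-1 fingerprint: %r" % fingerprint)
    return digits


def sha1_fingerprint(der: bytes) -> str:
    """The fingerprint is SHA-1 over the DER encoding of the whole certificate."""
    return hashlib.sha1(der).hexdigest()


def display(digits: str) -> str:
    """Format the way the post and the browser dialogs show it."""
    return " ".join(digits[i:i + 2] for i in range(0, len(digits), 2)).upper()


def matches(der: bytes, published: str) -> bool:
    """True only if the certificate hashes to the published fingerprint."""
    return hmac.compare_digest(sha1_fingerprint(der), normalize(published))


def fetch_leaf_der(host: str, port: int = 443) -> bytes:
    """Return the site's own certificate (not the issuing CA's) as DER bytes."""
    ctx = ssl.create_default_context()  # normal CA validation still applies
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


# Constructed stand-in bytes so the helpers can be exercised offline.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"

if __name__ == "__main__":
    # usage: python check_fp.py <host> "<published fingerprint>"
    host, published = sys.argv[1], sys.argv[2]
    der = fetch_leaf_der(host)
    print("served:   ", display(sha1_fingerprint(der)))
    print("published:", display(normalize(published)))
    sys.exit(0 if matches(der, published) else 1)
```

The script exits with status 0 on a match and 1 on a mismatch, so it can be used in a scheduled check.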

We will continue to improve our security protocols and roll out more security features as we scale up.  Thanks for all the interest and help from the community!

 

Best regards,

The ProtonMail Team

About the Author

Admin

We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. Ensuring online privacy and security are core values for the ProtonMail team, and we strive daily to protect your rights online.
