This blog post provides details over the SSL/TLS certificate for the Mailfence knowledge base (KB).
A modern browser should automatically check the validity of the Mailfence KB SSL/TLS certificate and alert you if it detects something untrustworthy. In case an adversary succeeds in spoofing Mailfence KB website (using a rogue SSL certificate), you will be able to detect such an (AiTM) attack by manually checking Mailfence KB website SSL/TLS certificate fingerprints.
Mailfence KB SSL/TLS certificate fingerprints/thumbprints (valid until 16/May/2025) are:
SHA1 fingerprint:
0F:60:B4:09:3A:4E:E0:02:05:5F:FD:5C:84:4B:0C:EE:A4:48:23:19
SHA-256 fingerprint:
7C:66:2E:6A:50:26:31:D8:A4:76:60:FE:51:F8:C2:80:98:C5:FA:74:AC:38:23:3C:B5:F4:56:A2:2B:55:5E:F1
If this matches what you see in your browser, then you know you are communicating with the right Mailfence KB website and using the correct public key to encrypt your sensitive information and only Mailfence KB can decrypt it.
Next update date: May 2025
Guidelines:
- For Chrome:
- Click on the lock button in front of the URL.
- Click on the Certificate.
- In Details tab, show All and verify the Thumbprint matches the one above (SHA1).
- For Firefox:
- Click on the lock button in front of the URL, then Connection secure and click on More Information.
- Go to Security and click on View Certificate.
- In General, verify the Fingerprints (SHA1 & SHA-256) matches the one’s above.
- For Safari:
- Click on the lock button in front of the URL.
- Select Show Certificate, in Details scroll to the bottom of the page.
- Verify the Fingerprints (SHA1 & SHA-256) matches the one’s above.
Note: Make sure, in your browser, you are looking at the leaf certificate (kb.mailfence.com). This certificate does not cover mailfence.com and blog.mailfence.com domain names.
At Mailfence – a secure and private email service, we believe in following good security practices, to contribute in providing you a secure and private email solution. Learn more about who we are.