Mailfence knowledge base: SSL/TLS certificate

This blog post provides details over the SSL/TLS certificate for the Mailfence knowledge base (KB).

SSL certificate knowledge base

A modern browser should automatically check the validity of the Mailfence KB SSL/TLS certificate and alert you if it detects something untrustworthy. In case an adversary succeeds in spoofing Mailfence KB website (using a rogue SSL certificate), you will be able to detect such an (AiTM) attack by manually checking Mailfence KB website SSL/TLS certificate fingerprints.

Mailfence KB SSL/TLS certificate fingerprints/thumbprints (valid until 16/May/‎2023) are:

SHA1 fingerprint:

30:06:E1:E0:59:58:D4:13:CE:AF:D8:18:BB:6D:C4:86:EF:DA:C2:09 

SHA-256 fingerprint:

FB:06:EE:B3:D7:90:A7:B5:52:A6:5F:8E:C0:82:9C:A6:EB:05:5F:6B:2B:3B:42:EF:BF:80:F9:20:15:B5:19:DF

If this matches what you see in your browser, then you know you are communicating with the right Mailfence KB website and using the correct public key to encrypt your sensitive information and only Mailfence KB can decrypt it.

Next update date: May 2023

Guidelines:

  • For Chrome:
    1. Click on the lock button in front of the URL.
    2. Click on the Certificate.
    3. In Details tab, show All and verify the Thumbprint matches the one above (SHA1).
  • For Firefox:
    1. Click on the lock button in front of the URL, then Connection secure and click on More Information.
    2. Go to Security and click on View Certificate.
    3. In General, verify the Fingerprints (SHA1 & SHA-256) matches the one’s above.
  • For Safari:
    1. Click on the lock button in front of the URL.
    2. Select Show Certificate, in Details scroll to the bottom of the page.
    3. Verify the Fingerprints (SHA1 & SHA-256) matches the one’s above.

Note: Make sure, in your browser, you are looking at the leaf certificate (kb.mailfence.com).

At Mailfence – a secure and private email service, we believe in following good security practices, to contribute in providing you a secure and private email solution.

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

Avatar for M Salman Nadeem

M Salman Nadeem

Salman works as an Information security analyst for Mailfence. His areas of interests include cryptography, security architecture and design, access control and operations security. You can follow him on LinkedIn @mohammadsalmannadeem

You may also like...