惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

SecWiki News
SecWiki News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Visual Studio Blog
博客园 - 叶小钗
S
SegmentFault 最新的问题
IT之家
IT之家
大猫的无限游戏
大猫的无限游戏
博客园_首页
Apple Machine Learning Research
Apple Machine Learning Research
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
腾讯CDC
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V
V2EX
阮一峰的网络日志
阮一峰的网络日志
L
Lohrmann on Cybersecurity
量子位
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
J
Java Code Geeks
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 三生石上(FineUI控件)
Attack and Defense Labs
Attack and Defense Labs
AI
AI
The Cloudflare Blog
T
Tailwind CSS Blog
S
Schneier on Security
爱范儿
爱范儿
PCI Perspectives
PCI Perspectives
Stack Overflow Blog
Stack Overflow Blog
S
Secure Thoughts
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
V2EX - 技术
V2EX - 技术
S
Securelist
P
Proofpoint News Feed
T
Threat Research - Cisco Blogs
Help Net Security
Help Net Security
C
Cisco Blogs
N
News and Events Feed by Topic
人人都是产品经理
人人都是产品经理
B
Blog RSS Feed
K
Kaspersky official blog
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
S
Security Affairs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Simon Willison's Weblog
Simon Willison's Weblog

Posteo.de - Newsroom

Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de Email green, secure, simple and ad-free - posteo.de
Email green, secure, simple and ad-free - posteo.de
2015-12-23 · via Posteo.de - Newsroom

Second extended certificate

Created at 22.December 2015, 18:30 | Category: Blog

Dear Posteo users,

From now on, we are also deploying a second extended security certificate.

Such authenticated, “green security certificates” are used first and foremost by organisations that deal with sensitive data, such as banks. It can be seen on the left of our web address (https://posteo.de) in your browser (usually a key symbol with green background). In this way you can always recognise that you are actually on the Posteo website – and not some sort of phishing site. If you use a local email program, it will additionally check the security certificate before establishing an encrypted connection with Posteo – confirming the validity of the encryption partner. Email providers use certification authorities for this, who confirm the validity of a security certificate before an encrypted connection is established. OCSP is an additional security measure: An OCSP server confirms that a certificate has not been revoked.

We therefore use a second certificate
The reason for additionally deploying a second certificate is that the OCSP servers of the certification authority StartCom were not reliably reachable over the past few days. In some individual cases, this led to restrictions in programs that additionally check OCSP, such as Thunderbird and Firefox. We know that for this reason some of our users experienced an error when opening our website or working in a local email program. At Posteo itself, there was no problem at any time, and the security of your connections was not affected at any time. Because it is completely unacceptable to us that a problem at a single certification authority repeatedly affects our customers, we are from now on using a certificate certified by the Bundesdruckerei, which we had recently already created as a second certificate.

What a certification authority does
Email providers use certification authorities to confirm the validity of their certificates before an encrypted connection is established. A certifier in addition certifies the public key of a provider’s SSL certificate. It’s similar to a notary: After checking multiple documents, (including company registration, personal identity documents, telephone calls with us and our lawyers, etc) the certification authority confirms that the public key really does belong to the provider, in this case, therefore, to Posteo e.K. The certification authority does not create our certificate and/or key pair – we do this ourselves. They can therefore not manipulate or exchange the keys.

Our new certificate, certified by the Bundesdruckerei, conforms to current security standards and was signed using the SHA-256 algorithm.

If your browser, email program, smartphone or tablet happens to produce an error message due to an invalid certificate following our change, this is not due to an attack or an error. It merely means your program has the old certificate saved. In most cases, restarting the program or device should remedy this.

The “electronic fingerprints” for our new security certificate are:
SHA256: 6A:B1:9D:FB:FB:10:2E:D8:89:01:76:8C:B1:6B:61:13:A1:E3:B6:A5:47:D6:85:A3:FD:08:7F:11:DA:35:77:E7
SHA1: 8D:D7:97:B4:45:79:4D:EC:64:AE:D1:90:88:AC:B4:F4:5A:21:EA:6A
MD5: DA:CC:03:04:8C:E8:03:54:4F:6B:B2:2E:C2:ED:94:D8

You can also find the fingerprints for both certificates in our legal notice page. This information is only relevant for users who manually check our certificates.

If a program or system that you use does not have the Bundesdruckerei root certificate pre-installed and therefore does not trust the connection to Posteo, you can simply install it. It can be found for download from the Bundesdruckerei website. There, you can also find the fingerprint of the root certificate “D-TRUST Root Class 3 CA 2 EV 2009” on the downloads page, which we also publish here for comparison purposes:
SHA-256 EE:C5:49:6B:98:8C:E9:86:25:B9:34:09:2E:EC:29:08:BE:D0:B0:F3:16:C2:D4:73:0C:84:EA:F1:F3:D3:48:81
SHA-1 96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83

The Posteo domains that we use with the SSL certificate are in our possession. The entries of our name server in the DNS are also additionally secured with DNSSEC, to prevent manipulation. And using DANE anyone can check our key’s fingerprints without doubt.

Even if we did not have any influence over the disturbances caused by the error at the certification authority, we would still like to apologise if you were affected by this annoying problem.

Best regards,

The Posteo team