
Fingerprints of our SSL Certificates

Why we do not publish SSL fingerprints on our website

Some users have wondered why we do not publish the fingerprints (i.e. the hash values) of our SSL certificates from Thawte on our website. Some websites do this — but we do not.

When you check the fingerprints of SSL certificates, the purpose is to ensure that no third party (“Man-in-the-Middle”) has intercepted the connection and manipulated the supposedly secure connection using fake certificates.

However, a Man-in-the-Middle who managed to perform such manipulation could also alter the content of the website at the same time — and replace the published SSL fingerprint with one of their own.
If a user then checked the SSL fingerprints, the manipulated fingerprints would match the forged certificate.

The user would mistakenly believe that the website is authentic and be lulled into a false — and therefore dangerous — sense of security.

At mailbox, we therefore publish our SSL fingerprints through a secure, independent channel.
The technology used for this is called DANE, which publishes SSL fingerprints directly in the DNS records of the domain. To ensure that a Man-in-the-Middle cannot manipulate this data, the published information is protected with cryptographic signatures via DNSSEC. DANE/DNSSEC therefore provides a secure, secondary, and independent medium through which SSL certificate fingerprints can be published.

Modern browsers — or appropriate plug-ins — can verify the DANE records of a website and, for example, visually indicate the authenticity of the SSL certificate through color markings.

Alternatively, you can verify the SSL certificate with an independent service that reads the corresponding DNS entry for you, for example:
https://www.huque.com/bin/danecheck
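
The check such a verifier performs can be sketched as follows. This is an added example, not mailbox's own code: it compares a server's leaf certificate with one DANE TLSA record and refuses to trust the record unless the DNS answer was DNSSEC-validated. The function names, the `dnssec_validated` flag (standing in for a validating resolver's AD bit) and the sample certificate skeleton are assumptions made for illustration.

```python
import hashlib

# Matching types from RFC 6698: 0 = raw data, 1 = SHA-256, 2 = SHA-512.
DIGESTS = {0: bytes, 1: lambda d: hashlib.sha256(d).digest(),
           2: lambda d: hashlib.sha512(d).digest()}

def der_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element starting at pos."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    return tag, start, start + length

def spki_from_cert(cert_der):
    """Slice the DER SubjectPublicKeyInfo out of an X.509 certificate."""
    _, pos, _ = der_tlv(cert_der, 0)       # Certificate -> first byte of tbsCertificate
    _, pos, _ = der_tlv(cert_der, pos)     # tbsCertificate -> its first field
    tag, _, end = der_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional explicit [0] version
        pos = end
    for _field in range(5):                # serial, sigAlg, issuer, validity, subject
        _, _, pos = der_tlv(cert_der, pos)
    return cert_der[pos:der_tlv(cert_der, pos)[2]]

def tlsa_matches(rdata, cert_der, dnssec_validated):
    """Check a server's leaf certificate against one TLSA record."""
    if not dnssec_validated:               # unsigned DNS is as forgeable as the web page
        return False
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    if int(usage) not in (1, 3):           # usages 0 and 2 pin a CA, not the leaf
        raise ValueError("only end-entity usages (1, 3) are handled here")
    if int(selector) not in (0, 1) or int(mtype) not in DIGESTS:
        raise ValueError("unknown selector or matching type")
    selected = cert_der if int(selector) == 0 else spki_from_cert(cert_der)
    published = bytes.fromhex("".join(hexdata.split()))
    return DIGESTS[int(mtype)](selected) == published

def sample_cert(key):
    """Constructed DER skeleton with X.509 field order; not a valid certificate."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    tbs = tlv(0x30, tlv(0xA0, b"\x02\x01\x02") + tlv(0x02, b"\x01")
              + tlv(0x30, b"") * 4 + tlv(0x30, key))
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

For an HTTPS service the record is looked up as a TLSA query for `_443._tcp.<hostname>`, and a record with usage 1 additionally requires the normal CA chain validation to succeed.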