Proton

UPDATE Sept. 15, 2020: SwissSign has dealt with the DDoS attack and has taken measures to prevent similar outages in the future. Therefore, we are using them again as our certificate authority. We have updated the fingerprints at the bottom of this article.

Proton has recently begun using Let’s Encrypt instead of SwissSign as the certificate authority to issue our TLS certificates on a temporary basis.

We have always been committed to transparency, safeguarding your privacy and offering you the best service possible. We regularly evaluate our certificate authority and have decided to temporarily switch to Let’s Encrypt because we believe they can offer a higher level of reliability after recent issues with SwissSign, which we explain further in this article. 

This change will have no practical impact on your experience using Proton Mail and Proton VPN. You can still log in and use our services as you always have done. The only difference is if you check your TLS certificate manually, you will see that it was issued by Let’s Encrypt rather than by SwissSign. 

Why we are temporarily changing certificate authorities

Certificate authorities are trusted third parties responsible for verifying websites’ servers and providing a stable and secure connection when users visit a website. In your browser, the padlock in your address bar indicates that your connection to the website’s servers is TLS encrypted and provides details about the certificate authority that is providing the certificate. 

Learn more about TLS encryption and how it works(nouvelle fenêtre)

Our provider, SwissSign AG, has been under DDoS attack since last Monday, which led to interruptions of our services. It’s important to note that this didn’t put our users’ data at risk. Until SwissSign can mitigate the attack, we have temporarily switched to another certificate authority called Let’s Encrypt(nouvelle fenêtre).

Let’s Encrypt is a certificate authority operated for the public’s benefit by the nonprofit Internet Security Research Group(nouvelle fenêtre). This organization is sponsored by the Electronic Frontier Foundation, the Mozilla Foundation and others, and has an excellent track record for security and stability. Like us, they regularly publish transparency reports(nouvelle fenêtre) and use open standards wherever possible, so it is an additional benefit that Let’s Encrypt’s values align with ours. 

You can review Let’s Encrypt’s documentation here(nouvelle fenêtre)

As always, we will continue to evaluate the best option for our users.  

You can also find Proton’s new SHA-256 and SHA-1 below:

SHA-256 23:00:B8:54:21:8A:3D:4F:4F:E7:8B:58:9E:ED:FA:BB:16:65:51:89:D8:71:00:85:A5:67:D0:33:AA:60:3B:CC

SHA-1
42:65:80:E0:43:5A:08:9C:1D:26:14:7F:58:A1:6A:40:94:F2:59:A0

Best regards,
The Proton Mail Team

You can get a free secure email account from Proton Mail here(nouvelle fenêtre).

We also provide a free VPN service(nouvelle fenêtre) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(nouvelle fenêtre). Thank you for your support.

***

Feel free to share your feedback and questions with us via our official social media channels on Twitter(nouvelle fenêtre) and Reddit(nouvelle fenêtre).

Articles similaires

The cover image for a Proton Pass blog comparing SAML and OAuth as protocols for business protection
en
SAML and OAuth help your workers access your network securely, but what's the difference? Here's what you need to know.
Proton Lifetime Fundraiser 7th edition
en
Learn how to join our 2024 Lifetime Account Charity Fundraiser, your chance to win our most exclusive plan and fight for a better internet.
The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
en
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
en
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
en
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
en
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.