Swiss SSL Certificates for mailbox.org

mailbox.org aims to conduct all support work and services with German companies. Until now, this has been extremely difficult if not impossible in the area of SSL certificates. This is because almost all (including German) certification authorities (CAs) are based sooner or later on American root certificates. mailbox.org is the first e-mail provider to go the Swiss way.

Although two relatively new pure German CAs exist, they are not yet included in older browsers and e-mail programs. If used by mailbox.org users with older programs, these users would still receive the usual certificate warnings (‘…unable to verify…’), which means that on balance no additional security would be gained.

We sought the cooperation of the Swiss SSL certification authority SwissSign to bridge the time until it’s possible for German SSL certificates to be used. This means that, as of now, we receive all our SSL certificates from our partner in Switzerland. We believe that this is the best and most reliable way to proceed at the moment and that this solution is suitable for use in practice (unfortunately, all this comes at Swiss prices…).

Now that we’ve changed our mail servers over to SwissSign in the last few days, we plan to exchange our previous Comodo certificates on our Web servers for the new SwissSign certificates tonight.

If a user uses a plug-in to get their browser to monitor certificate changes, they will probably be notified of this exchange of certificates. However, in the vast majority of cases, users should not notice that our certificates have changed.

Up to now, we have used a special ‘Extended Validation’ certificate (EV) for https://mailbox.org and https://office.mailbox.org. With this EV certificate, the browser address bar goes green to indicate that the SSL connection is extra secure. We still have to wait another 7 to 14 days for these new SwissSign EV certificates due to the particularly complex registration and verification process.
During this transition period, our Web pages will have to manage without this green EV coloring of the browser bar. If you miss this green coloring during the next few days, you can rest assured that everything is being done properly – with SSL all connections are (even more) secure.