Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ
Freewheeling spot to chew the fat on anything cryptostorm-related that doesn't fit elsewhere (i.e. support, howto, &c.). Criticism & praise & brainstorming & requests for explanation... this is where it goes when it's hot & ready for action!
ProtonMail uses a Swiss SSL certificate because of this:
Our SSL certificate authority (CA) is QuoVadis Trustlink Schweiz AG
, a leading Swiss SSL certificate issuer. Using a Swiss based CA ensures that our CA's SSL infrastructure is not under the control of US or EU government agencies.
cryptostorm is using Comodo as certificate authority. Comodo is based in the United Kingdom and the United Kingdom is a Five Eyes country. Comodo also seems to be one of the most incompetent CA security-wise (along with WoSign and StartCom) (source
I would recommend switching to a CA that is based in a country with good privacy laws. Iceland has as far as I know no CA that has wide implementation across operating systems and browsers. However, there are multiple CAs that are based in Switzerland, which has privacy laws comparable to Iceland. I'd try getting the same SSL certificate that ProtonMail uses, since it seems to be working great for them.
While I love the fact that Let's Encrypt is free, open source and run by a trustworthy non-profit the fact remains that the organisation behind Let's Encrypt - Internet Security Research Group (ISRG) - is based in the US. Then ISRG could be served a National Security Letter combined with a gag order, which would force them to comply with any US government request - such as giving the US government private SSL keys - and forbidding ISRG from disclosing it to their users. It would be best if the CA used for cryptostorm wouldn't be based in a Five Eyes country and the country should preferably have very strong privacy laws.