Self-signed - PrivateRelay certificates

For the security conscious, not required for normal use

Using PrivateRelay self-signed certificates is a little more difficult to setup than our standard certificates. If however you would prefer to use our in house certificates, or you are simply curious on what they are all about then please read on.

The secure protocol in place between our servers and your devices uses what is called SSL, this stands for Secure Socket Layer and is a protocol (language) used to talk between the systems. The SSL layer is what converts a normal computer conversation into an encrypted one.

Using our standard services uses the SSL certificates that have been signed (issued) by industry certification authorities which are ‘trusted’ in issuing these certificates. What this means is that when you connect to us using these certificates your devices will immediately recognize the fact that they have been issued by a ‘trusted’ authority and immediately start to use the certificate as part of the encryption.

There are a growing number of people that are not entirely confident that these ‘trusted’ certificates do not contain some kind of backdoor mechanism for governments or other organisations to crack these encrypted transfers of data. To combat this we are pleased to also provide connections using certificates that have been signed solely by PrivateRelay, and therefore do not depend on external certification authorities.

The issue in using the PrivateRelay signed certificates is that, by default, your devices will complain that the certificate that is being presented has not been issued from a ‘trusted’ authority. In most cases you can ‘add an exception’ by clicking Continue to the message and it will go ahead and use the certificate anyway.

If however you would like to actually install our certificates onto your devices then please read on.

Installing PrivateRelay self-signed certificates

We have two certificates which are used for web access and Exchange access. These should be linked with the URL’s:

WebClient access
https://mail-ss.privaterelay.com
                    
-----BEGIN CERTIFICATE-----
MIIDsTCCApmgAwIBAgIJANkQdPIUqCvNMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV
BAYTAkZSMRYwFAYDVQQIDA1JbGUtZGUtRnJhbmNlMQ4wDAYDVQQHDAVQYXJpczEV
MBMGA1UECgwMUHJpdmF0ZVJlbGF5MSEwHwYDVQQDDBhtYWlsLXNzLnByaXZhdGVy
ZWxheS5jb20wHhcNMTQwNDEwMDkyMTExWhcNMjQwNDA3MDkyMTExWjBvMQswCQYD
VQQGEwJGUjEWMBQGA1UECAwNSWxlLWRlLUZyYW5jZTEOMAwGA1UEBwwFUGFyaXMx
FTATBgNVBAoMDFByaXZhdGVSZWxheTEhMB8GA1UEAwwYbWFpbC1zcy5wcml2YXRl
cmVsYXkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJJbpu2V
FzMS9i/HWcgrSW9JKhvz7ynZsGwYV0BwO9DB/zpyB1+CN/SXP1Q14eQQr7ZnYM0P
decqZVD1VVHyZc4QZYkLqR7ag8v56QuJx/DPLYcikNctH1c90Vw/Gtv3FEN18GH2
ftMBIJhoHG72X0Vatav6g7KB9QJBG2pnEdKBvSJyrf9dAKWE+DTlkRyxt+HkQoFo
+T6pkmptcANXqjolxiB+MnHzDak5QJCF1cx5gDJGyXRro7mEZlHjrjXTSpprkkSV
zDil/ic1E99iN4oGn+pk8iPj2CWrrb2ZHBt141OEcNjhRTabSal0FAbIAtlkRsbV
T4wWGP7+UhmGXQIDAQABo1AwTjAdBgNVHQ4EFgQUaFrvW+u0fL6GaJ92pwCpfD0G
500wHwYDVR0jBBgwFoAUaFrvW+u0fL6GaJ92pwCpfD0G500wDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQsFAAOCAQEAjRExVVoz9ZNXKQY9PEJXhPn4QkfBAruF4pop
xP3o/UfX/IIlF3WCO9Sas6W84hodcVhmQVqwpKWg+58JMXitz58Zuqn+3xFObopS
++nPii4Z32RNpCs7K8Kbm5J+4/zKwKGp9eJZz59pYC2/gz/6ueknxFzHnu5DvAcf
6USCEnmEcHycD81pn+yPYeFB1sga6iErQgYMKouf0+E8dOIH5zh7fbofo/iE4+HW
lv9FlIXvpdi+4Bs/vC6FRZZoDCrbqtZ/H0/FziJrf5cPk/KUWSyqtzEL/KvpevnD
ojTUIYagPeSzgzjKdwCUi2QZMZpKm/1wYCGV+W6/oSmvjnSKWg==
-----END CERTIFICATE-----
                                        
Exchange protocol access
exchange-ss.privaterelay.com
                    
-----BEGIN CERTIFICATE-----
MIIDuTCCAqGgAwIBAgIJAMIJKGHIRcQyMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNV
BAYTAkZSMRYwFAYDVQQIDA1JbGUtZGUtRnJhbmNlMQ4wDAYDVQQHDAVQYXJpczEV
MBMGA1UECgwMUHJpdmF0ZVJlbGF5MSUwIwYDVQQDDBxleGNoYW5nZS1zcy5wcml2
YXRlcmVsYXkuY29tMB4XDTE0MDQxMDA3MzczMVoXDTI0MDQwNzA3MzczMVowczEL
MAkGA1UEBhMCRlIxFjAUBgNVBAgMDUlsZS1kZS1GcmFuY2UxDjAMBgNVBAcMBVBh
cmlzMRUwEwYDVQQKDAxQcml2YXRlUmVsYXkxJTAjBgNVBAMMHGV4Y2hhbmdlLXNz
LnByaXZhdGVyZWxheS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC7onspUWTPUjjqNLxB15F9MkX298OTT+NmyDYnmIMn24miNvwPt8f+StR8PhDZ
WwXD589DzR1QIenteDMZ5ysXWg1r3Y1gAE7ywE3WKNq046N8q6ksj9jsKzQw9vls
lpAdxFmnXpvBMoLOi25BZGHAMB1znM7EyetKrAcaLyvf77LFI4ZQD6ug6LZnRiav
+m4UzO3M2kCcRWcqatXhMefVlHSCPdBtRPHPBNdzC7JUa0Uj91hVp5LtgV7Efw42
y16E2jGcJBbI1CvConGrBIb+ZHEjDC1U6ejODAdzFFr2ZdbVBFd09yRv92FPeCey
vBvPvzy2NaCcryv6NTkpGI5rAgMBAAGjUDBOMB0GA1UdDgQWBBSdckDnHglWTd77
eLVtZlSd8Zzt1DAfBgNVHSMEGDAWgBSdckDnHglWTd77eLVtZlSd8Zzt1DAMBgNV
HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCC+5QXp7RAZZte7fkNKlt3Vcpz
t/8sMT0mLWZW85YbV6ggIBz41xIJ0L+6QMCmTgVDZ1pHpG1XTAlDHq2H7LPjieYY
8Jwjk4No3KtKHwGTAhgY6Fs1RFrLudqwcqo5mRaNH+VkvPuaOgmZoefENsSPHC2p
wsAqVechvAGvc/2nhRaI1QJY2pRhAnnYivjY4kAqOMUtoBR0iz+A2u1g+D+VHMSf
emRr3BjaM/IdZ7QzvtxJzb0C+PmZ1XriGvtWP59gB66op7e2GazkVWddN8DI/Z9U
52BRxStgZFrT2SkGnKSay3gMdLEnqjzaRP17a/lzlXGarSVO+u5YmNTDI8Mr
-----END CERTIFICATE-----
                                        

Download

You may also download these certificates to then install in your own applications:

mail-ss.privaterelay.com.crt
exchange-ss.privaterelay.com.crt

Email

We can also send the certificates to you via email, which can then be easily installed on your Apple iOS or Android etc. devices.

Send

 

Feedback

Did you find this page useful?

Yes No

Great, thanks for letting us know!

 

Thanks for voting and sorry it's not up to scratch, could you give us more details?

Send