How ExpressVPN apps confirm they’re talking to ExpressVPN servers

ExpressVPN news
3 mins
ExpressVPN secure server connection

This post was originally published on December 7, 2016.

When you connect to a VPN, have you ever wondered if you’re connecting to a genuine VPN server? What if a third party—like a government, ISP, or WiFi hotspot operator—tried to redirect you to a different server without your knowledge?

ExpressVPN users don’t have to worry about such man-in-the-middle attacks, as they are provided with the best possible security, ensuring complete protection while browsing the internet.

ExpressVPN identifies servers with a certificate exchange

When connecting to an OpenVPN server with the ExpressVPN app, the server will identify itself by sending a certificate back to the app.

The certificate contains three key pieces of information:

  1. A cryptographically secure signature
  2. The unique name or common name of the server
  3. The server’s public key

ExpressVPN server certificate

1. Cryptographically secure signatures

The signature on the certificate is computed by using the private key of the ExpressVPN Certificate Authority (CA). The CA’s private key is held securely by ExpressVPN and is accessible neither by the application nor any VPN server.

The ExpressVPN app contains a copy of CA’s public key which is used to check the signature on the certificate. If the key doesn’t match, the server (strictly speaking, the current connection to the server) can’t be trusted, and the connection is terminated.

How secure are ExpressVPN’s certificates?

To validate a certificate from an HTTPS website, your browser must use one of a selection of trusted certificate authorities. A browser could potentially use hundreds of certificate authorities, which may be pre-installed on the browser, provided by your OS, or even maliciously installed—which could happen as a result of malware or a phishing attack.

In contrast, ExpressVPN apps use only one certificate authority, which is shipped with the application and cannot be changed.

Also, ExpressVPN certificates are all signed using SHA512 hashing and a 4096 bit RSA key. As a comparison, the majority of popular websites—including those of most banks—only use a 2048 bit RSA key!

To put the strength of 4096 bit RSA key encryption into perspective, it would take the combined power of every computing resource on the planet longer to crack than the life expectancy of the Sun.

Not only are ExpressVPN certificates more secure than those used by most websites, but the verification process is also more secure than that used by most browsers.

Checking ExpressVPN’s 4096 bit RSA key encryption

If you wish to verify ExpressVPN’s encryption, follow these steps:

  1. Log in and download an ExpressVPN config from the setup page
  2. Extract the Certificate Authority from inside the tags
  3. Save to a file
  4. Run the following command* from a shell: openssl x509 -text -noout -in $SAVED_FILE

*This command reads the CA in the client config and displays it in human-readable form.

2. The unique name or common name of the server

Once the ExpressVPN app is confident that the certificate is genuine, it will check the common name of the server. The common name is embedded in the certificate and impossible to fake (since the certificate is already verified).

Every ExpressVPN server has a unique common name. The app checks to make sure the server has the common name it expects. When the common name is unexpected, the app will terminate the connection.

Confirming the common name

When connected, check the OpenVPN output to check the full common name of the server. If you see a line containing VERIFY X509NAME OK in the output, then the common name is verified.

To check the common name in ExpressVPN desktop apps, just connect and select Diagnostics.

You should see an output containing the following:

VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-817-1a, emailAddress=support@expressvpn.com

The unique server name will depend on which server you are connected to. In this case, the unique server name is: CN=Server-817-1a

3. The server’s public key

Once the ExpressVPN app has confirmed the identity of the server it will set up a secure and encrypted channel. The app uses the server’s public key and standard cryptographic techniques to produce a symmetric key pair, using asymmetric encryption.

ExpressVPN server certificate.

ExpressVPN ensures a secure connection to VPN servers

Connecting to a trusted server is vital to protect your security and privacy. Doing so ensures that your data is neither intercepted nor interfered with.

ExpressVPN uses many different methods to keep your internet connection secured, including:

  • Best-in-class encryption
  • Uniquely identifiable VPN servers
  • A single trusted CA with a publicly inaccessible private key

Such measures ensure that your connections are always private and secure with ExpressVPN.

The devs are the backbone of ExpressVPN and occasionally contribute their otherworldly wisdom to the blog.