CyberGhost Installs Root Certificate



According to a news report published on Best VPN by Douglas Crawford, a recent update on CyberGhost VPN’s Android and desktop’s software included new features, such as ‘Block Malicious Websites’, ‘Block Ads’, and ‘Block Online Tracking’. Once you enable these, though, CyberGhost will install a root certificate into your computer’s system, which is a bad news for your security.

However, CyberGhost clarified that the last version of their software (CG5) did make use of the Fiddler Root Certificate in order to block ads. CG6, the latest version, though, no longer supports this and does not install a root certificate, and that “all filters are now server side and do not touch HTTPS”. This is a relief to CyberGhost VPN users, but the fact that they used to install root certificates is a bit suspicious.

CyberGhost Installs Root Certificate


Root Certificate in a Nutshell

DNSimple defines a root certificate as “a certificate issued by a trusted certificate authority (CA)”. When you visit a HTTPS website, it establishes an encrypted link between the server and the browser. And to do this, the website must present your browser with an SSL certificate that has been authenticated by the CA. Once the browser is presented with the said certificate, it will recognize the website as genuine and secure. An indicator of an HTTPS website is the padlock icon in the address bar next to its domain name.

A VPN that installed a root certificate in your computer (like the CG5 version) will be able to attack all your SSL-encrypted traffic. This is otherwise known as a Man-in-the-Middle attack. CyberGhost can intercept and decrypt all of the data that goes through the encrypted link – even sensitive information such as email addresses, passwords, and bank account details. And it can re-encrypt the data and pass it to the website like nothing happened.

Although it is true that CyberGhost does not keep logs of your online activity, a root certificate means that they can access more information from you even if you are using their VPN service to be ‘protected’.

How to Manage Your Computer’s Trusted Root Certificates

For Windows:

  1. Click the Start button and type ‘mmc’ on the Search bar. This will run command.
  2. Click the File menu, then select Add/Remove Snap-in.
  3. In the Available Snap-ins list, select Local Group Policy Object Editor then click Add located on the right side of the list.
  4. Select which computer you want the Group Policy Object to be edited then click Finish.
  5. Add more snap-ins that you wish to edit, then click OK.
  6. In the console tree, go to Local Computer Policy, Computer Configuration, Windows Settings, Security Settings, and then click Public Key Policies.
  7. Select Certificate Path Validation Settings, then click the Stores tab.
  8. Check the Define These Policy Settings box, then look for Per User Certificate Stores, uncheck the boxes with ‘Allow user trusted root CAs to be used to validate certificates’ and ‘Allow users to trust peer trust certificates’.
  9. In the Root Certificate Stores, select the root CAs that the client computers can trust, and then click OK to apply the new settings.

For OS X:

  1. Obtain the SSL certificate, then double click the .crt file. This will open the Keychain Access and Add Certificate window.
  2. Select the System keychain. This is where you’ll add the certificate to. Then enter your administrator password.
  3. Select Trust, then expand Details. Verify the details if it matches with the information you have been provided.
  4. Expand Trust, then select Always Trust.
  5. Enter the administrator password.

CyberGhost Installs Root Certificate


Crawford, D. 2016. What the Hell is CyberGhost Up To? Updated


Danen, V. 2010. Managing SSL Certificate Authorities on OS X

CyberGhost Installs Root Certificate

Please follow and like us:
Social media & sharing icons powered by UltimatelySocial