There are two interesting moments in the NordVPN situation that nobody talks about.
**Moment #1**: besides the TLS private key for *.nordvpn.com from a commercial certificate authority, which was used for squid and apparently for IPsec, there was also a ca.key from OpenVPN:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
The file name "ca.key" is usually used for the private key of the root OpenVPN certificate authority. To use it, you also need the certificate file ca.crt, but it's missing from the leak. The certificate can usually be obtained easily during OpenVPN connection establishment (it's a public file, OpenVPN sends it to the client upon connection), but the current NordVPN configuration does not have certificates corresponding to the leaked ca.key.
The current NordVPN PKI is as follows:
1. C = PA, O = NordVPN, CN = NordVPN Root CA
2. C = PA, O = NordVPN, CN = NordVPN CA3
3. CN = xxxyyy.nordvpn.com
Neither NordVPN Root CA nor NordVPN CA3 corresponds to ca.key (the moduli are different). CA3 has:
Not Before: Jan 1 00:00:00 2018 GMT
Not After : Dec 31 23:59:59 2019 GMT
So the current CA (CA3) was created before the compromised server was installed (31 Jan 2018). The Not Before and Not After dates were most probably set with year-level accuracy, but there's a [post on the internet](https://www.computerbase.de/forum/threads/nordvpn-jedoch-mit-eigenem-dns-ueber-openvpn.1845970/#post-22114791) which indicates that it was already in use as of 2 Jan 2019. That tells us it was in use before NordVPN knew that fi30.nordvpn.com was compromised (13 Apr 2019), and it is still in use to this day.
2019-01-02 12:07:15 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2019-01-02 12:07:15 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA3
2019-01-02 12:07:15 VERIFY KU OK
I don't know what to think. This could be an old file of an outdated CA which is not used anymore (but why is it still copied upon provisioning, if this exact compromised server was installed on 31 Jan 2018?). Needless to say, ca.key is not required for OpenVPN server operation and should not be copied under any condition. Could this be an older CA2?
If someone finds a public certificate for this key which is signed by NordVPN Root CA and still active, it would be possible to perform a Man-in-the-Middle attack against any NordVPN server.
**Moment #2, the interesting one**: The owner of the certificate and key from the compromised fi30.nordvpn.com server can also perform a Man-in-the-Middle attack against any NordVPN server, because OpenVPN does not check the certificate's Common Name by default and the NordVPN OpenVPN configuration files do not use this option. The server is shut down already, so you can't just grab the certificate anymore, but I bet there are people who have it. It's transmitted in plain text (just as in usual TLS), so you can extract it from a tcpdump/wireshark dump of that time.
NordVPN uses neither Certificate Revocation Lists (CRL) nor Online Certificate Status Protocol (OCSP). Server certificates are signed for 1 year.
**Summary**: if we assume that fi30.nordvpn.com used CA3, it seems that an attacker with the public certificate and private key for this server can perform a Man-in-the-Middle attack against any NordVPN OpenVPN server until 31 Dec 2019 (that's the Not After date of CA3), and NordVPN can't easily fix this, except by adding the server certificate to a Certificate Revocation List in the **clients'** configuration files. They surely can do that in their client software automatically, but those who use the standard OpenVPN client would need to re-download the OpenVPN configuration files manually.
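A client-side audit for the two gaps described above (no server name check, no CRL), as an added example that is not part of the original post. `verify-x509-name`, `crl-verify` and `remote-cert-tls` are existing OpenVPN options; the host name, the CRL file name and both sample configs are constructed placeholders.

```python
import shlex

# Client-side checks that limit which server certificates are accepted.
CHECKS = {
    "verify-x509-name": "server name not pinned: any certificate issued by the trusted CA is accepted",
    "crl-verify": "no CRL: a revoked server certificate is still accepted",
    "remote-cert-tls": "key usage not checked: a client certificate can pose as a server",
}

def parse_directives(config_text):
    """Return {directive: [argument list, ...]} for an OpenVPN config."""
    directives, inline_tag = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if inline_tag:  # inside <ca>...</ca> and similar: skip the PEM body
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline_tag = line[1:-1]
            directives.setdefault(inline_tag, []).append(["[inline]"])
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.setdefault(tokens[0].lstrip("-"), []).append(tokens[1:])
    return directives

def audit(config_text):
    """Return sorted (directive, risk) findings for missing or weak checks."""
    found = parse_directives(config_text)
    findings = [(name, risk) for name, risk in CHECKS.items() if name not in found]
    for args in found.get("verify-x509-name", []):
        if len(args) == 2 and args[1] == "name-prefix":
            findings.append(("verify-x509-name", f"only prefix {args[0]!r} is pinned"))
    return sorted(findings)

# Constructed samples: vpn.example.net and crl.pem are placeholders.
WEAK = """client
remote vpn.example.net 1194
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
(placeholder body)
-----END CERTIFICATE-----
</ca>
"""
HARDENED = WEAK + "verify-x509-name vpn.example.net name\ncrl-verify crl.pem\n"
```

`audit(WEAK)` reports the missing name pin and the missing CRL, while `audit(HARDENED)` returns an empty list.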
https://files.catbox.moe/vtxeiz.zip ← archive with all the files for the curious.