Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: charlee_ch on November 20, 2014, 07:31:25 AM

Title: [Avast:2015.10.0.2208] Web Shield against the web site with self-signed cert.
Post by: charlee_ch on November 20, 2014, 07:31:25 AM

Hi,

I've update to the latest and greatest Avast: 2015.10.0.2208. When I'm trying to access to my local web sites with https / self-signed certificate, the Web Shield generates new certificate which is issued by the following: -

CN = avast! Web/Mail Shield Untrusted Root
O = avast! Web/Mail Shield
OU = generated by avast! antivirus for untrusted server certificates

My local web site certificate is signed by my local root certificate generated by openSSL. This root certificate also in the windows trusted root certificate authorities. When I turn off the Web Shield or add my local web site URL to the exclusion list, it work fine.

Could you please help to advise how I can access to my local web site without to turn of web shield or add to the exclusion list? May I request for the Avast generated certificate for CN = avast! Web/Mail Shield Untrusted Root?

Thank you very much for your help in advance. I'm looking forward to hearing from you soon.

Regards,

Charlee Ch.

Title: Re: [Avast:2015.10.0.2208] Web Shield against the web site with self-signed cert.
Post by: lukor on November 20, 2014, 04:36:38 PM

Hi Charlee,
this would happen if for some reason avast was not able to see the self-signed certificate in the Windows certificate store. Are you really sure it is there and not only white listed in the browser? And what is your browser, please?

Thanks.
Lukas.

Title: Re: [Avast:2015.10.0.2208] Web Shield against the web site with self-signed cert.
Post by: vojtech on November 20, 2014, 05:46:07 PM

WebShield currently uses system (not user) certificate stores. It should work if you add your certificate to the system root store.
(Start mmc.exe as admin, menu File->Add/Remove Snap-in, select Certificates, click Add, select Computer account and Local computer)
We will probably fix this in a future version.

Title: Re: [Avast:2015.10.0.2208] Web Shield against the web site with self-signed cert.
Post by: charlee_ch on November 21, 2014, 03:21:59 AM

Hi Lucus and vojtech

Thank you very much for your replying. Originally I added that root certificate to the Windows: user certificate stores. Then I've added it to the Windows System certificate stores, the WebShield works greats. Avast is able to protect my local website.

By the way, the WebShield generates the certificate with SHA-1. But My certificate originally is a 2048 bits with SHA-256. Is there any way to let the WebShield to generate as SHA-256 or greater?

Regards,

Charlee Ch.

Title: Re: [Avast:2015.10.0.2208] Web Shield against the web site with self-signed cert.
Post by: vojtech on November 21, 2014, 04:26:29 PM

It cannot be configured, but we will consider using SHA-256 in future versions.