Author Topic: Secured connections and the certificate pop up in Opera  (Read 6209 times)

0 Members and 1 Guest are viewing this topic.

Keanu

  • Guest
Secured connections and the certificate pop up in Opera
« on: May 19, 2013, 09:45:59 PM »
Hey there avast support,

first of all: thank you for the software, it's great and free.

I am having an issue with the "scan secured connection" option in my Web Shield. If this option is ON then I am getting a large amount of pop ups for all SSL certificates (for example the one of facebook.com) in Opera. The avast!  (trusted and untrusted) CA certificate is not installed in the browser (same for Safari actually). avast! seems to start a man in the middle attack to be able to scan the data transferred over my network connection. The result is that all SSL certs are coming form the avast! CA.

Is this a bug? Is my configuration broken? What should be done here?
Does installing the avast! CA certs solve the issue? Where do I get it?

Kind regards
Keanu

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: Secured connections and the certificate pop up in Opera
« Reply #1 on: May 20, 2013, 11:07:16 AM »
You must install the "avast trusted CA" certificate that can be found in the system keychain
into Opera for proper HTTPS scanning (More technical info can be found here:
http://public.avast.com/~tuma/techinfo/). For all supported browsers (Safari, Chrome, Firefox),
we do this automatically during install, but there is no support for Opera in avast! for Mac.

Keanu

  • Guest
Re: Secured connections and the certificate pop up in Opera
« Reply #2 on: May 20, 2013, 04:24:01 PM »
I am observing same behavior in Safari. I checked my wife's installation and the option is not a default option as it seems. The certificates are not installed at all from the point of view of the browser (including Safari).
The tech info does not explain why I am getting those pop ups about unknown avast CA.

EDIT START
I checked my key chain. I see the "avast! trusted CA" certificate but not the untrusted one.
EDIT STOP

Two questions:
- Can I manually install the certificate for individual browsers?
- Why does Safari have same problems when you are supporting it (I already re-installed avast yesterday because I thought that it would re-install its certificates then)?
« Last Edit: May 20, 2013, 04:58:17 PM by Keanu »

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: Secured connections and the certificate pop up in Opera
« Reply #3 on: May 20, 2013, 05:06:58 PM »
I am observing same behavior in Safari. I checked my wife's installation and the option is not a default option as it seems. The certificates are not installed at all.
How do I check my system key chain and whether avast has installed those certs?

How do you know, that the certificate is not installed, if you do not know where to search for it?!
The list of installed certificates can be inspected using the "Keychain Access" utility. A certificate
named "avast trusted CA" should be in the "System Roots" keychain. Moreover, it must be the
same certificate as in the file /Library/Application Support/avast/config/certs/cacert.pem.

The tech info does not explain why I am getting those pop ups about unknown avast CA.

Well, the technical info is definitely not aimed on ordinary Mac users. It shall explain the network
shield principles to advanced users and system administrators and help them to solve such
issues. There is definitely something wrong with your avast! installation, but unless you are an
"expert" (who can diagnose the problem with some hints like the techinfo), the best way for You
to get avast! working properly is to uninstall it and install it again.

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: Secured connections and the certificate pop up in Opera
« Reply #4 on: May 20, 2013, 05:19:39 PM »
EDIT START
I checked my key chain. I see the "avast! trusted CA" certificate but not the untrusted one.
EDIT STOP

That's correct. Adding the "avast untrusted CA" certificate to the keychain would ruin the whole
SSL security (it would generally allow MITM attacks).

Two questions:
- Can I manually install the certificate for individual browsers?

Yes. All browsers enable importing own CA certificates.

- Why does Safari have same problems when you are supporting it (I already re-installed avast yesterday because I thought that it would re-install its certificates then)?

That's the question. Something is probably wrong with your avast! instalation. If you get the
popups only on some servers, an explanation ma be found here:
http://forum.avast.com/index.php?topic=122734.0

Keanu

  • Guest
Re: Secured connections and the certificate pop up in Opera
« Reply #5 on: May 22, 2013, 09:21:07 PM »
After installing the certificate manually (exporting it from the key chain as first step) in Opera the pop ups are gone now. I am not using Safari at the moment but it should be my workaround for that browser as well. Thanks for answering my questions ;-)

Off topic: I hate that captcha on every single post/reply.

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: Secured connections and the certificate pop up in Opera
« Reply #6 on: May 23, 2013, 08:03:17 PM »
After installing the certificate manually (exporting it from the key chain as first step) in Opera the pop ups are gone now. I am not using Safari at the moment but it should be my workaround for that browser as well.

Safari uses the system keychain, so there is nothing to do for Safari, it must work "out of the  box".