« previous next »
Pages: [1]   Go Down

Author Topic: [Avast:2015.10.0.2208] Web Shield against the web site with self-signed cert.  (Read 9146 times)

0 Members and 1 Guest are viewing this topic.

Offline charlee_ch

  • Newbie
  • *
  • Posts: 2
[Avast:2015.10.0.2208] Web Shield against the web site with self-signed cert.
« on: November 20, 2014, 07:31:25 AM »
Hi,

I've update to the latest and greatest Avast: 2015.10.0.2208. When I'm trying to access to my local web sites with https / self-signed certificate, the Web Shield generates new certificate which is issued by the following: -

CN = avast! Web/Mail Shield Untrusted Root
O = avast! Web/Mail Shield
OU = generated by avast! antivirus for untrusted server certificates

My local web site certificate is signed by my local root certificate generated by openSSL. This root certificate also in the windows trusted root certificate authorities. When I turn off the Web Shield or add my local web site URL to the exclusion list, it work fine.

Could you please help to advise how I can access to my local web site without to turn of web shield or add to the exclusion list? May I request for the Avast generated certificate for CN = avast! Web/Mail Shield Untrusted Root?

Thank you very much for your help in advance. I'm looking forward to hearing from you soon.

Regards,

Charlee Ch.

Logged

Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Re: [Avast:2015.10.0.2208] Web Shield against the web site with self-signed cert.
« Reply #1 on: November 20, 2014, 04:36:38 PM »
Hi Charlee,
this would happen if for some reason avast was not able to see the self-signed certificate in the Windows certificate store. Are you really sure it is there and not only white listed in the browser? And what is your browser, please?

Thanks.
Lukas.


Logged

Offline vojtech

  • Avast team
  • Advanced Poster
  • *
  • Posts: 939
    • ALWIL Software
Re: [Avast:2015.10.0.2208] Web Shield against the web site with self-signed cert.
« Reply #2 on: November 20, 2014, 05:46:07 PM »
WebShield currently uses system (not user) certificate stores. It should work if you add your certificate to the system root store.
(Start mmc.exe as admin, menu File->Add/Remove Snap-in, select Certificates, click Add, select Computer account and Local computer)
We will probably fix this in a future version.
Logged

Offline charlee_ch

  • Newbie
  • *
  • Posts: 2
Re: [Avast:2015.10.0.2208] Web Shield against the web site with self-signed cert.
« Reply #3 on: November 21, 2014, 03:21:59 AM »
Hi Lucus and vojtech

Thank you very much for your replying. Originally I added that root certificate to the Windows: user certificate stores. Then I've added it to the Windows System certificate stores, the WebShield works greats. Avast is able to protect my local website.

By the way, the WebShield generates the certificate with SHA-1. But My certificate originally is a 2048 bits with SHA-256. Is there any way to let the WebShield to generate as SHA-256 or greater?

Regards,

Charlee Ch.
« Last Edit: November 21, 2014, 05:27:57 AM by charlee_ch »
Logged

Offline vojtech

  • Avast team
  • Advanced Poster
  • *
  • Posts: 939
    • ALWIL Software
Re: [Avast:2015.10.0.2208] Web Shield against the web site with self-signed cert.
« Reply #4 on: November 21, 2014, 04:26:29 PM »
It cannot be configured, but we will consider using SHA-256 in future versions.
Logged
Pages: [1]   Go Up
« previous next »