Author Topic: [Avast:2015.10.0.2208] Web Shield against the web site with self-signed cert.  (Read 7855 times)

0 Members and 1 Guest are viewing this topic.

Offline charlee_ch

  • Newbie
  • *
  • Posts: 2
Hi,

I've update to the latest and greatest Avast: 2015.10.0.2208. When I'm trying to access to my local web sites with https / self-signed certificate, the Web Shield generates new certificate which is issued by the following: -

CN = avast! Web/Mail Shield Untrusted Root
O = avast! Web/Mail Shield
OU = generated by avast! antivirus for untrusted server certificates

My local web site certificate is signed by my local root certificate generated by openSSL. This root certificate also in the windows trusted root certificate authorities. When I turn off the Web Shield or add my local web site URL to the exclusion list, it work fine.

Could you please help to advise how I can access to my local web site without to turn of web shield or add to the exclusion list? May I request for the Avast generated certificate for CN = avast! Web/Mail Shield Untrusted Root?

Thank you very much for your help in advance. I'm looking forward to hearing from you soon.

Regards,

Charlee Ch.


Offline lukor

  • Avast team
  • Super Poster
  • *
  • Posts: 1878
    • AVAST Software
Hi Charlee,
this would happen if for some reason avast was not able to see the self-signed certificate in the Windows certificate store. Are you really sure it is there and not only white listed in the browser? And what is your browser, please?

Thanks.
Lukas.



Offline vojtech

  • Avast team
  • Advanced Poster
  • *
  • Posts: 939
    • ALWIL Software
WebShield currently uses system (not user) certificate stores. It should work if you add your certificate to the system root store.
(Start mmc.exe as admin, menu File->Add/Remove Snap-in, select Certificates, click Add, select Computer account and Local computer)
We will probably fix this in a future version.

Offline charlee_ch

  • Newbie
  • *
  • Posts: 2
Hi Lucus and vojtech

Thank you very much for your replying. Originally I added that root certificate to the Windows: user certificate stores. Then I've added it to the Windows System certificate stores, the WebShield works greats. Avast is able to protect my local website.

By the way, the WebShield generates the certificate with SHA-1. But My certificate originally is a 2048 bits with SHA-256. Is there any way to let the WebShield to generate as SHA-256 or greater?

Regards,

Charlee Ch.
« Last Edit: November 21, 2014, 05:27:57 AM by charlee_ch »

Offline vojtech

  • Avast team
  • Advanced Poster
  • *
  • Posts: 939
    • ALWIL Software
It cannot be configured, but we will consider using SHA-256 in future versions.