Author Topic: Updated to 2015, Now Chrome is giving me "Your connection is not private" msg.  (Read 71373 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
When I load Chrome, the start page is google.com.  The https:// gets crossed out in red, and a page is displayed stating the below message.  When I disable avast shields, it works fine.  Would someone let me know if this is being corrected?

"Your connection is not private

Attackers might be trying to steal your information from www.google.com (for example, passwords, messages, or credit cards).

ReloadHide advanced
www.google.com normally uses encryption to protect your information. When Chrome tried to connect to www.google.com this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be www.google.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit www.google.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

NET::ERR_CERT_AUTHORITY_INVALID

Subject: www.google.com
Issuer: avast! Web/Mail Shield Root
Expires on: Feb 2, 2015
Current date: Nov 24, 2014
PEM encoded chain: -----BEGIN CERTIFICATE-----
MIIEHDCCAwSgAwIBAgIQ9ut8RwluxkWwQq659ASscjANBgkqhkiG9w0BAQUFADCB
hDE7MDkGA1UECwwyZ2VuZXJhdGVkIGJ5IGF2YXN0ISBhbnRpdmlydXMgZm9yIFNT
TC9UTFMgc2Nhbm5pbmcxHzAdBgNVBAoMFmF2YXN0ISBXZWIvTWFpbCBTaGllbGQx
JDAiBgNVBAMMG2F2YXN0ISBXZWIvTWFpbCBTaGllbGQgUm9vdDAeFw0xNDExMDUx
MjIyNDJaFw0xNTAyMDMwMDAwMDBaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD
YWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29n
bGUgSW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAK7ZSEZJXXha35t7J0SQyAaFWnptAUugHJqI/EBDdW01
3fZMyOYCHa+o9QXvFECXSglMInGg2IEzLCq6AQAL08gx/wvkxIx0nxOtgPySoMZE
z2gc+hSez5h4OotOIAJ7i3uH7tnmRd875ogPzXEEvUYPUpZA/9kTMs/6JsBWtDd0
aQofBpX1y+Aufwcgoe5Q8sha1kybKAxZXn9I+7Nlgmjh9MZwQE801uUNWZyOgC0P
/if3Akiv1Q0+Di+IttMUj++rpEpQAhlP50ZsoVSR21iMG6zXIX07kugvHK681NlJ
WHx4tMhgKS6CeMZdxfPTkw/bsIIxmNlRVcQSJdjJY2UCAwEAAaOBpDCBoTAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2ds
ZS5jb20wHQYDVR0OBBYEFBirSC6wmOYxpoGyaO942eI0Xkv3MAwGA1UdEwEB/wQC
MAAwHwYDVR0jBBgwFoAUTdnfyM+/dsEXjcwn/y9uonz9czowFwYDVR0gBBAwDjAM
BgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEBBQUAA4IBAQAC+6n8Vag22obwDbkQU+S2
1kWmL2W3uSzpYno6vSX0cYuQ/ScQjiHnfx8dn9TeAjC2MUfe65TqEF59d+RQxat3
7L/whDnOV+HE4TaIotjK/IJqlxo7/qkQM68SUM30kZ+TcEb5mU7jBrmyf2OAEerQ
DFKIuIgsWEvUbWal+h6S/YFr3gc20zdLgoR1qf7WNH0SE0m7FmLqN8zIcCAbfBR0
sF8Ls+40ZHIx6aESZ13H4UvdlRyBdFQrb5RygJ8DZyWHwiKHCbNzvPapmhjUwRDB
Tu9Wq16myremx0J8rRzFzKyWLC/F4m+VXJ+Y8WUaLK0HA5W77ZaVWv/8j2nkEQc8
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIECTCCAvGgAwIBAgIQ1XWtNmu0oEShlrLITzX9hTANBgkqhkiG9w0BAQUFADCB
hDE7MDkGA1UECwwyZ2VuZXJhdGVkIGJ5IGF2YXN0ISBhbnRpdmlydXMgZm9yIFNT
TC9UTFMgc2Nhbm5pbmcxHzAdBgNVBAoMFmF2YXN0ISBXZWIvTWFpbCBTaGllbGQx
JDAiBgNVBAMMG2F2YXN0ISBXZWIvTWFpbCBTaGllbGQgUm9vdDAeFw0xNDExMjUw
NDA2NDdaFw0yNDExMjIwNDA2NDdaMIGEMTswOQYDVQQLDDJnZW5lcmF0ZWQgYnkg
YXZhc3QhIGFudGl2aXJ1cyBmb3IgU1NML1RMUyBzY2FubmluZzEfMB0GA1UECgwW
YXZhc3QhIFdlYi9NYWlsIFNoaWVsZDEkMCIGA1UEAwwbYXZhc3QhIFdlYi9NYWls
IFNoaWVsZCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3fOT
tnrc06B8nEskKTGO5XuURcoo2Qra0WKDkc/0wa4JOBQfkXo2fdBfXoj/AaHxqbcR
+h+8IJnmcwbB23j2Qh5VngEE0xW/uDuKEYCoiwI9Kec3AsfBieoOfMxvuk/tBx6x
GoCLUnQdVmMsPfnaxN1RmSGclmdgFOoLvNO5kdWtKSuX68fAo3irvK11ixTcKb5E
tEDTb7F61JNICX8JxSMgbHtevIZOBwjWZR7ueZsplD/ING1IOHcQzfFWikk45YrZ
tYrrCcJBMQW0E3G2d/slE9MiFp8dicteUAaZWf1+/rulyY3vhvAy8sVJlbOKIqVx
QiRZ9NhKEUSBC5wNswIDAQABo3UwczAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQE
AwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUTdnfyM+/dsEXjcwn
/y9uonz9czowHwYDVR0jBBgwFoAUTdnfyM+/dsEXjcwn/y9uonz9czowDQYJKoZI
hvcNAQEFBQADggEBAAHEKu5tOsI1Xo5zXYIWGPSyNycP1b5AZrwUMVLDMInTA7QG
9oPxmVhsRQXisWSoCGoTKbU94+x/hmNzFB1HyWN0SRJQtoXMOKYM4XkOMwxyZCoZ
cGHefUeBQaQ9fNDBG/wr0ggHhirWXz+75TROhcA1xDBnMbBta/PjwQvG+hBJnE0m
NMno/LgYqq2fpcvK96j7vjJTHRbQ5Mt7rGambeK5SE5qcHJXrwAUCLennjIQVeBx
r9AgQqPgENLEOFGeoy51rt3FRQIYMcnVw8QHkULbGZTXJUAhoDWghpZ5XfdeYhi7
mEUKh7wL3Cbnbq/Nh5P97V7nEXAPVvC6b2AroP0=
-----END CERTIFICATE-----"


REDACTED

  • Guest

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Another user has posted a (possible) solution.
Please use the search option.

REDACTED

  • Guest
Another user has posted a (possible) solution.
Please use the search option.

OK, well I appreciate you telling me that, but I don't know what I'm searching for and can't find what you've seen.  Would you mind posting the thread url?  Thanks

REDACTED

  • Guest
Update:  Rebooted the system.  Initially I thought it was fixed.  Then I realized the shields were still disabled.  I restarted the shields.

Now, I can search google, but all other secure sites are still not functioning or showing up.  Including this forum:

"Your connection is not private

Attackers might be trying to steal your information from forum.avast.com (for example, passwords, messages, or credit cards)."

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
https://forum.avast.com/index.php?topic=157820.msg1150440#msg1150440
Are you using something like Trusteer?

What happens if you only disable https scanning in avast?

Edit:
some information about the error:
https://support.google.com/chrome/answer/6098869?hl=en
« Last Edit: November 25, 2014, 09:48:10 PM by Eddy »

REDACTED

  • Guest
https://forum.avast.com/index.php?topic=157820.msg1150440#msg1150440
Are you using something like Trusteer?

What happens if you only disable https scanning in avast?

Edit:
some information about the error:
https://support.google.com/chrome/answer/6098869?hl=en

Not using anything like Trusteer.  I have had issues with MalwareBytes Anti-Malware conflicting with installations of Avast in the past, but that doesn't seem to have happened with this upgrade.  Before it would say Avast isn't running when that problem occured, and that's not the error I'm getting.

The good news is I did as you suggested and unchecked https scanning in the settings, that seems to have resolved the issue!  I am hoping this is just a bug with Avast and not Avast telling me something important I'm not able to see.

Thanks for your help.


EDIT:  I also found this thread which is right on target with my problem.

https://forum.avast.com/index.php?topic=158935.15
« Last Edit: November 25, 2014, 11:03:52 PM by jollywolf »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
That was the thread I had in mind in my first reply  :D

Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Hi,
this seems like we weren't sucessfull in adding the root certificate into the trusted certificate store.

My advice here is to do the easy things first:

1) check your time and date? is it correct?

2) reinstall avast -- uninstall, reboot, reinstall again -- what I hope this will do here is removing the certificate (if any) and re-generating the root one again. It will also clean the certificate store from all the certificates we have (webshield) ever created. And during reinstall you'll get a second try.

3) you can also do most of the checks from 2) manually:

   i) go to the certificate store and check for Mail/Web Shield root certificate in it
       - Start / Run (or Win+R on Windows 8 ) / certmgr.msc   
       - Navigate to Trusted Root Certificate Authorities \ Certificates
       - Look for the Avast root certificate there - it should be "avast! Web/Mail Shield Root"

   ii) if not there, you can manually import it into the store
       - Start / Run ( or Win+R on Windows 8 )
       - Type:
            C:\ProgramData\AVAST Software\Avast\wscert.der

      - A certificate window should open. Similar to the one attached.
      - Click Install Certificate
      - Choose: Store location: Local machine
      - Choose: Place all certificates into the following store
      - Click browse and navigate to "Trusted Root Certification Authorities"
      - Restart the browser




 
« Last Edit: November 25, 2014, 11:51:36 PM by lukor »

Offline Lord_Ami

  • Sr. Member
  • ****
  • Posts: 227
Are you using Zemana Antilogger free?

//
fixed typo
« Last Edit: November 26, 2014, 12:43:27 AM by Lord_Ami »

REDACTED

  • Guest
...

Hi, Lukor!  Thank you for responding so fast.  I will go through your suggestions in detail, but I have to see where Lord_Ami is going with this.  I am in fact using Zemana Antilogger Free.

Are you using Zemana Antilogger free

YES.  Are you having problems too?

REDACTED

  • Guest
3) you can also do most of the checks from 2) manually:

   i) go to the certificate store and check for Mail/Web Shield root certificate in it
       - Start / Run (or Win+R on Windows 8 ) / certmgr.msc   
       - Navigate to Trusted Root Certificate Authorities \ Certificates
       - Look for the Avast root certificate there - it should be "avast! Web/Mail Shield Root"

   ii) if not there, you can manually import it into the store
       - Start / Run ( or Win+R on Windows 8 )
       - Type:
            C:\ProgramData\AVAST Software\Avast\wscert.der

      - A certificate window should open. Similar to the one attached.
      - Click Install Certificate
      - Choose: Store location: Local machine
      - Choose: Place all certificates into the following store
      - Click browse and navigate to "Trusted Root Certification Authorities"
      - Restart the browser

I checked to see if the certificate was there, and it is.  I'm waiting to reinstall after I hear from Lord_Ami.

Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Time/Date is correct?

When you open the certificate (on the connection that fails in chrome), what do you seen on the root? Can you post a screenshot?


Offline Lord_Ami

  • Sr. Member
  • ****
  • Posts: 227
Disable Zemana's SSL protection as it does not trust avast! certificates. I've reported it to Zemana and they are adding "compatibility" warning in next version as far as I understood.
It would be better if Avast staff contacts them about this issue.

REDACTED

  • Guest
Time/Date is correct?

When you open the certificate (on the connection that fails in chrome), what do you seen on the root? Can you post a screenshot?

Time/Date is correct... I don't understand the rest of what you are asking.  Sorry.  I do not see an option to open the certifcate when it fails and I don't know what the root is.


Disable Zemana's SSL protection as it does not trust avast! certificates. I've reported it to Zemana and they are adding "compatibility" warning in next version as far as I understood.
It would be better if Avast staff contacts them about this issue.

It appears you're right.  I turned off SSL in Zemana, and re-enabled HTTPS checking in Avast, and I no longer seem to have any issues.  Lord_Ami, do you feel like they both do the same thing?  Which do you prefer to use Zemana's or Avasts?