Hi
I am having the same certificate verification problem with AVAST HTTPS scanning module with the Skype & McLaren F1 websites...
I'm concerned that it appears to be using MItM (an actual attack) to subvert another legitimate security feature (HTTPS) in order to do so. That would seem to totally undermine what HTTPS provides -- my connection is no longer secured on the far side as Avast has made itself my effective far side when this is happening. Avast needs to work in concert with, not counter to, HTTPS in order to be effective. As it is, it's now difficult to initially see if my allegedly secure connection is being hijacked by Avast or an actual attack. (Do I not show an EV because there's no EV or because Avast has hijacked my HTTPS connection and broken the EV? Is someone else hijacking the HTTPS connection?) Avast represents a legitimate security source, and an apparent MItM approach isn't the sort of thing a legitimate enterprise should be doing.
I hold the same reservations over the MITM technique employed (as quoted above); however, HTTPS does not leave a true alternative.
REALLY, my MAIN problem is that Avast is sometimes using a SHA1 coding for its certificates, which is causing severe verification issues within Chrome (and Firefox?). Chrome is rightly flagging SHA1 as a security risk on Secure sites.
However, I can shed light on why people are getting errors - the certificate that web shield is re-signing with is only sha1 encrypted - Chrome is showing a warning for sha1 certs - they are being phased out. Should you be using an sha2 signed certificate?
SHA1 is a universally recognised WEAK (COMPROMISED?) coding platform that is being phased out of existence. It surprises me that a SECURITY COMPANY would choose to use this certificate format for one of its most critical modules. (For reference: When a site works correctly, the Avast coding is the newer SHA256 - Why are Avast still using SHA1 on some sites?)
I am a relative newbie here on the forums, but consider myself above average on PC matters and fairly clued in on aspects of security etc.
Howard