Author Topic: Security certificate revoked but currently valid  (Read 6115 times)

Offline vianello_85

  • from Italy
  • Full Member
  • ***
  • Posts: 115
Security certificate revoked but currently valid
« on: October 13, 2016, 08:59:53 PM »
Although the certificate of the OVH provider is valid (it expires in 2018), Avast warns me that the certificate is revoked and blocks access to the page.
Both the official websites, ovh.com and ovh.it, and their support forum are locked because of the revoked certificate.

I attach an image of the warning that appears in the bottom right.

Avast version: 12.3.2280
Virus definition:  161013-1

Vianello_85
« Last Edit: October 13, 2016, 09:04:06 PM by vianello_85 »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31119
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Security certificate revoked but currently valid
« Reply #1 on: October 13, 2016, 09:26:32 PM »
There seems to be a problem in the detection of the certificate.
Multiple people have reported it with various sites.

You can test things here > https://www.ssllabs.com/ssltest/

REDACTED

  • Guest
Re: Security certificate revoked but currently valid
« Reply #2 on: October 13, 2016, 10:02:47 PM »
There WAS a problem with GlobalSign certificates, wrongfully revoked:
(But Avast didn't update this information yet!!!)

Read this: https://www.globalsign.com/en/customer-revocation-error/

Also at their Facebook page: https://www.facebook.com/GlobalSignSSL/posts/1385175904850597
« Last Edit: October 13, 2016, 10:11:38 PM by jbg.havinga »

Offline Eddy

Re: Security certificate revoked but currently valid
« Reply #3 on: October 13, 2016, 10:24:34 PM »
Avast doesn't have to do any updates at all, as it isn't Avast that is issuing those certificates or installing them on the troubled servers.

Quote
However, in the meantime, GlobalSign will be providing an alternative issuing CA for customers to use instead, issued by a different root which was not affected by the cross that was revoked
Quote
We are currently working on the detailed instructions to help you resolve the issue and will communicate those instruction to you shortly

Offline jvidal

  • Sr. Member
  • ****
  • Posts: 325
Re: Security certificate revoked but currently valid
« Reply #4 on: October 13, 2016, 10:49:18 PM »
I'm having trouble with certificates when accessing my Hotmail account using POP3; Avast claims the cert is revoked. Could it be related?

Offline Eddy

Re: Security certificate revoked but currently valid
« Reply #5 on: October 13, 2016, 10:55:01 PM »
If they are using a certificate from GlobalSign, it is almost certain it is.

You can check who the issuer is with https://www.ssllabs.com/ssltest/

Offline jvidal

Re: Security certificate revoked but currently valid
« Reply #6 on: October 13, 2016, 11:06:18 PM »
thx!

Edit: I got "assessment failed: Unable to connect to the server" for pop3.live.com, same result for pop-mail.outlook.com.
(no surprise there, since pop3.live.com is an alias)

I believe there's nothing the users can do to fix this, except wait, right?

BTW, if I uninstall Avast, then I can access the server normally, no errors, and mails go in and out as usual.

Finally, if I click on the "view" button on the window that pops up when I try to access my Hotmail account using Thunderbird, I can see the certificate is, in fact, issued by GlobalSign.

Edit: Clearing the certificate cache doesn't fix it.
« Last Edit: October 13, 2016, 11:32:43 PM by jvidal »

Offline Eddy

Re: Security certificate revoked but currently valid
« Reply #7 on: October 13, 2016, 11:51:20 PM »
Indeed, users that are visiting HTTPS websites that are using one of the affected certificates from GlobalSign can't do anything to prevent the message from showing up.

Only the owners of the servers that are using those certificates can do something about it.

Removing Avast will (of course) prevent the message being shown, but that means sites that are using a certificate that really is revoked are not being blocked, and that is a security risk.
Within 4-7 days everything should be fine again.

Offline vojtech

  • Avast team
  • Advanced Poster
  • *
  • Posts: 939
    • ALWIL Software
Re: Security certificate revoked but currently valid
« Reply #8 on: October 14, 2016, 10:22:11 AM »
Avast Web and Mail Shields use Windows API for verifying certificates, so this description should solve the issue with blocking by avast:
https://support.globalsign.com/customer/portal/articles/1353318

Offline vianello_85

Re: Security certificate revoked but currently valid
« Reply #9 on: October 14, 2016, 12:08:06 PM »
Quote
Avast Web and Mail Shields use Windows API for verifying certificates, so this description should solve the issue with blocking by avast:
https://support.globalsign.com/customer/portal/articles/1353318

OVH has opened a ticket about the problem with certificates, suggesting the procedure that you have already indicated:
http://travaux.ovh.net/?do=details&id=20791&PHPSESSID=cd39ce7f150566f4e1eeee0afedf8061

Offline jvidal

Re: Security certificate revoked but currently valid
« Reply #10 on: October 14, 2016, 05:17:59 PM »
Like I said, clearing the certificate cache, as described in that GlobalSign article, didn't solve anything.
Luckily, Hotmail is working fine again as of today.

Offline vianello_85

Re: Security certificate revoked but currently valid
« Reply #11 on: October 14, 2016, 06:13:52 PM »
I gave the following commands as an administrator in the dos prompt

Code:
certutil -urlcache * delete
certutil -urlcache crl delete

but that did not totally solve my problem: now ovh.com opens, but not ovh.it

Vianello_85
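
Added example, not part of any post in this thread and not code from Avast or GlobalSign: a PowerShell function (the name Get-ServerCertRevocationStatus is made up here) that fetches a server's certificate and has Windows build and revocation-check the chain, listing the issuer and status of each certificate that the posts above look up by hand. Re-running it after clearing the URL cache shows whether the revoked status is still being returned.

```powershell
# Added example; the function name is hypothetical.
function Get-ServerCertRevocationStatus {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443   # direct-TLS ports only, e.g. 995 for POP3 over TLS
    )
    $ErrorActionPreference = 'Stop'   # a failed connection ends the function

    # Fetch the server certificate. The callback accepts anything because the
    # certificate is only being collected here; it is judged further down.
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }

    # Let Windows build the chain and check revocation online (CRL/OCSP)
    # for every certificate in it, not just the leaf.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $trusted = $chain.Build($cert)

    $revokedFlag = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::Revoked
    foreach ($element in $chain.ChainElements) {
        $flags = @($element.ChainElementStatus | ForEach-Object { $_.Status })
        [pscustomobject]@{
            Subject  = $element.Certificate.Subject
            Issuer   = $element.Certificate.Issuer
            NotAfter = $element.Certificate.NotAfter
            Revoked  = $flags -contains $revokedFlag
            Status   = if ($flags) { $flags -join ', ' } else { 'NoError' }
        }
    }
    if (-not $trusted) { Write-Warning "Chain for $HostName did not validate." }
}

# Constructed usage; ovh.com is one of the sites named in the thread:
# Get-ServerCertRevocationStatus -HostName 'ovh.com' | Format-List
```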

Offline Eddy

Re: Security certificate revoked but currently valid
« Reply #12 on: October 14, 2016, 06:17:43 PM »
As stated on the GlobalSign website, it can take a couple of days before all affected sites are working without a problem again.

Offline vianello_85

Re: Security certificate revoked but currently valid
« Reply #13 on: October 15, 2016, 10:01:16 AM »
As regards the problem with OVH, the problem is solved

Ciao!

Vianello_85