Author Topic: Avast Web Shield casues SSL Security warning for some site.  (Read 622 times)

0 Members and 1 Guest are viewing this topic.

Offline NielsDalhoff

  • Newbie
  • *
  • Posts: 2
I found that Avast does some SSL-offloading, that causes the browser to warn about unsecure connections.

This is not common for all sites, but some.
If you access and view the certificate .. is shows that the issuer of the certificat is "avast! Web/Mail Shield Root"
But if you access an online banksite the cerficate has the correct issuer "GlobalSign Extended Validation CA - SHA256 - G3" and the browser does not throw an error.

Why does the Web Shield intercept and inject its own certificate, on that I expect to be at secure connection between the browser an the websit that i'm visiting?
I want to trust my connection, so when it it encrypted with a certificat issued to the site i'm visiting, it is this certificate that is used all the way, not have Web Shield intecept as a "man in the middle attack".
Second, how and why is there a difference for some sites and not others. How does Web Shield determine if and when not to inject its own certificat?