Hello,
When we do a MitM, we do a verification of web pages against Apple's system cert store (similarly like Safari does it). If we find out that a specific certificate is trusted, we generate a certificate signed by Avast Trusted CA; if the certificate is untrusted, we generate one signed by Avast Untrusted CA which is intentionally not in key manager (as we want it to be untrusted).
Please can you test these pages with Safari without Web Shield active? The result of cert verification should be the same, but you should be able to see the exact error. Or if the page is otherwise ok, can you please send me affected pages to ondrej.kolacek at avast.com?
Kind regards,
Ondrej Kolacek