Author Topic: HTTPS - Getting a "Your connection is not private" on Chrome  (Read 4634 times)

0 Members and 1 Guest are viewing this topic.

Offline Yuvs

  • Newbie
  • *
  • Posts: 1
Hi,

Using version 14.9 (updated this morning). While trying to get some websites, I'm getting a Chrome message that the connection isn't private. Seems that the website certificate is signed by Avast untrusted CA, a certificate that expired in 2020... Checked Key Manager, there is an Avast trusted CA that is trusted and unexpired (which I expected to be the CA signing the MitM certs).

Not seeing this on all sites, just on some very specific (and not very popular sites)

Any idea?

Offline ondrej.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 394
Re: HTTPS - Getting a "Your connection is not private" on Chrome
« Reply #1 on: June 07, 2021, 09:10:34 AM »
Hello,
When we do a MitM, we do a verification of web pages against Apple's system cert store (similarly like Safari does it). If we find out that a specific certificate is trusted, we generate a certificate signed by Avast Trusted CA; if the certificate is untrusted, we generate one signed by Avast Untrusted CA which is intentionally not in key manager (as we want it to be untrusted).
Please can you test these pages with Safari without Web Shield active? The result of cert verification should be the same, but you should be able to see the exact error. Or if the page is otherwise ok, can you please send me affected pages to ondrej.kolacek at avast.com?
Kind regards,
Ondrej Kolacek

Offline sartoric

  • Newbie
  • *
  • Posts: 2
Re: HTTPS - Getting a "Your connection is not private" on Chrome
« Reply #2 on: August 21, 2021, 05:27:33 PM »
I have this issue since a while for all my local development websites.
I use Mamp self signed certificate but if Https scan is enabled there is no way to load it on Safari (and chrome warns you about the connection)

There's any way to set them as secure ?
Is there a way to use wildcards for URL exceptions ?
« Last Edit: August 21, 2021, 05:30:39 PM by sartoric »

Offline ondrej.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 394
Re: HTTPS - Getting a "Your connection is not private" on Chrome
« Reply #3 on: August 23, 2021, 09:34:02 AM »
I have this issue since a while for all my local development websites.
I use Mamp self signed certificate but if Https scan is enabled there is no way to load it on Safari (and chrome warns you about the connection)

There's any way to set them as secure ?
Is there a way to use wildcards for URL exceptions ?
Hello,
I have tested mamp pro generated ssl certificate (just the newly generated blank page) and for me it works fine, since Avast does not intercept local connections. But if your configuration makes it to do so,  there are two possible avenues to try:
1) try copying MAMP_PRO_Root_CA cert from login keychain to system keychain
2) https exceptions should work; they are for the whole domain, eg. for url "mytest.local/wordpress/index.html" add "mytest.local" as https exception
Kind regards,
Ondrej Kolacek

Offline sartoric

  • Newbie
  • *
  • Posts: 2
Re: HTTPS - Getting a "Your connection is not private" on Chrome
« Reply #4 on: August 24, 2021, 08:04:38 PM »
Thanks for your reply

Well, suggestion 1) didn't work, but you put me on the right track  :D

In fact I've regenerated the MAMP_PRO_Root_CA cert, and the domain one (just to be sure) added to the keychain again and now it's working as expected.