0
(0)

This article concerns:

  • Kaspersky Anti-Virus
  • Kaspersky Internet Security
  • Kaspersky Total Security
  • Kaspersky Security Cloud
  • Kaspersky Small Office Security

Issue

When opening a website, a warning message appears stating that “Certificate verification problem detected” or that “Authenticity of the domain to which encrypted connection is established cannot be guaranteed”.

Cause

The website may not be safe. There is a possibility that intruders may steal your account data and other personal information. We do not recommend visiting such websites.

For detailed information about what can cause the message to appear, see the section below.

If the warning appears not for websites but for applications installed on your computer, this means default encrypted connections scan settings have been changed. To fix the issue, restore the settings to default.

Solution

If you are sure that the website is safe (for example, if it’s an official page of your bank) and do not want the application to check it in the future and show warnings:

  • Add the website that causes the warning to appear to the exception list. See instructions below.
  • Alternatively, disable the encrypted connections scanning. See instructions below.

We do not recommend disabling the encrypted connections scanning completely, as it will reduce you computer’s protection level.

If the website is not among those you visit regularly, you can allow opening it for the current session. Next time you will see the warning again. See the guide on how to allow opening the website once below.

If the notification appears on a website you don’t use often, you can allow opening it once. See instructions below.  

If you are not sure if the website is safe, you can check it with OpenTip before proceeding.

 

Why does the warning message appear

  • The certificate has been revoked. For example, the website owner can request revocation if the site was hacked.
  • The certificate was issued illegally. The certificate must be issued by a certification authority after a proper check.
  • Windows root certificates are not updated (relevant for Windows 7). For instructions on updating, see below.
  • The certificate chain is broken. The certificates are checked in a chain from the self-signed certificate to the trusted root certificate issued by the certification authority. The certificates in between are used for verification of other certificates in the chain.
    Possible causes of the broken certificates chain:

    • The chain consists of one self-signed certificate. Such certificates are not verified by the certification authority and cannot be trustworthy.
    • The chain does not end with a trusted root certificate.
    • The chain contains certificates which are not meant to sign other certificates.
    • The root or intermediate certificate has expired or its operation period has not begun yet. The certification authority issues a certificate for a limited period of time.
    • The chain cannot be built.
  • The domain specified in the certificate does not match the website to which the connection is established.
  • The certificate is not meant to confirm the node authenticity. For example, the certificate is intended only for encrypting the connection between the user and the website.
  • Certificate usage policy has been violated. The policy of the certificate is a set of rules which defines the use of the certificate with the specific security requirements. Each certificate must correspond to at least one policy. If there are several policies, the certificate must correspond to all of them.
  • Certificate structure is broken.
  • An error occurred when checking the certificate signature.
 

How to allow opening the website this time

Click Show details → I understand the risks and wish to proceed to the website in the browser window.

The "Certificate verification problem detected" warning message

Alternatively, click Continue in the pop-up window.

"Cannot guarantee authenticity of the domain to which encrypted connection is established" warning message

 

How to remove the certificate warning messages by disabling encrypted connections scanning

Disabling encrypted connections scanning will reduce your computer’s protection.

If you do not want a Kaspersky application to display certificate warning messages, disable the encrypted connections scanning feature:

  1. In the main window of your Kaspersky application, click The settings icon in the lower-left corner of the window.

Opening the Settings window in a Kaspersky application

  1. To learn how to open the main application window, see this article.
  1. In the settings window, go to the Network settings section.

Selecting the Do not scan encrypted connections option

  1. Select the Do not scan encrypted connections option.
  1. Read the message displayed in the warning window and click Continue.

Reduced protection warning

  1. Click Save → Yes.

Saving the changes in a Kaspersky application

The encrypted connections will no longer be scanned.
 

How to remove the certificate warning messages by adding the website to the exclusions list

You can exclude a website from the encrypted connections scan scope if you use Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security version 18 and later, or Kaspersky Small Office Security 6 and later. This feature is not available in earlier versions.
  1. In the main window of your Kaspersky application, click The settings icon in the lower-left corner of the window.

Opening the Settings window in a Kaspersky application

  1. In the settings window, go to the Network settings section and select Manage exclusions.

Opening the network settings in a Kaspersky application

  1. Click Add.

Adding an exclusion from the encrypted connections scan scope in a Kaspersky application

  1. Specify the website address that was displayed in the certificate warning message. Select the Active status and click Add.

Adding a website to the list of exclusions from the encrypted connections scan scope in a Kaspersky application

  1. Click Save.

Saving the changes when adding a website to the list of exclusions from the encrypted connections scan scope in a Kaspersky application

  1. Click Save → Yes.

Saving the changes in a Kaspersky application

The website will be excluded from the encrypted connections scan scope.

 

How to update root certificates on Windows 7

To update root certificates on Windows 7:

  1. Download and install the update for a 64-bit or 32-bit Windows operating system from the Microsoft website.
  2. Restart your computer.
  3. Install the existing operating system updates manually. For instructions, see the Microsoft website.
The root certificates will be updated.
 

What to do if the message keeps reappearing

If you have already added the website to the list of scan scope exclusions but the certificate warning message keeps reappearing, restart your Kaspersky application or your computer.

If restarting the application doesn’t help, contact Kaspersky technical support by choosing the topic and filling out the form.

Source : Official Kaspersky Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 91 times, 1 visits today)