Messages “Certificate verification problem detected” and “Cannot guarantee authenticity of the domain to which encrypted connection is established” when trying to open a website (Kaspersky)

• The certificate has been revoked. For example, the website owner can request revocation if the site was hacked.
• The certificate was issued illegally. The certificate must be issued by a certification authority after a proper check.
• Windows root certificates are not updated (relevant for Windows 7). For instructions on updating, see below.
• The certificate chain is broken. The certificates are checked in a chain from the self-signed certificate to the trusted root certificate issued by the certification authority. The certificates in between are used for verification of other certificates in the chain.
  Possible causes of the broken certificates chain:
  • The chain consists of one self-signed certificate. Such certificates are not verified by the certification authority and cannot be trustworthy.
  • The chain does not end with a trusted root certificate.
  • The chain contains certificates which are not meant to sign other certificates.
  • The root or intermediate certificate has expired or its operation period has not begun yet. The certification authority issues a certificate for a limited period of time.
  • The chain cannot be built.
• The domain specified in the certificate does not match the website to which the connection is established.
• The certificate is not meant to confirm the node authenticity. For example, the certificate is intended only for encrypting the connection between the user and the website.
• Certificate usage policy has been violated. The policy of the certificate is a set of rules which defines the use of the certificate with the specific security requirements. Each certificate must correspond to at least one policy. If there are several policies, the certificate must correspond to all of them.
• Certificate structure is broken.
• An error occurred when checking the certificate signature.

Click Show details → I understand the risks and wish to proceed to the website in the browser window.

Alternatively, click Continue in the pop-up window.

If you do not want a Kaspersky application to display certificate warning messages, disable the encrypted connections scanning feature:

1. In the main window of your Kaspersky application, click .

1. To learn how to open the main application window, see this article.

2. In the settings window, go to the Network settings section.

3. Select the Do not scan encrypted connections option.

4. Read the message displayed in the warning window and click Continue.

5. Click Save → Yes.

1. In the main window of your Kaspersky application, click .

2. In the settings window, go to the Network settings section and select Manage exclusions.

3. Click Add.

4. Specify the website address that was displayed in the certificate warning message. Select the Active status and click Add.

5. Click Save.

6. Click Save → Yes.

The website will be excluded from the encrypted connections scan scope.

To update root certificates on Windows 7:

1. Download and install the update for a 64-bit or 32-bit Windows operating system from the Microsoft website.
2. Restart your computer.
3. Install the existing operating system updates manually. For instructions, see the Microsoft website.

If you have already added the website to the list of scan scope exclusions but the certificate warning message keeps reappearing, restart your Kaspersky application or your computer.

If restarting the application doesn’t help, contact Kaspersky technical support by choosing the topic and filling out the form.

Source : Official Kaspersky Brand
Editor by : BEST Antivirus KBS Team