Kaspersky
Question

Visiting a domain with an untrusted certificate

  • 7 January 2020
  • 18 replies
  • 2131 views

Userlevel 2
Badge

 

 

Hello Everybody,

Getting  the message: "Visiting a domain with an un-trusted certificate".

Tried into above network setting no luck.

Also from Web Threat Protection> Trusted Web Address the site was added but still the same warning showing.

 

@Deadlock4400 


18 replies

Userlevel 3
Badge +1

I don’t think Kaspersky is the issue here. Did you tried Opening the same website with any other browser?

Because browsers too block such requests and don’t allow you to proceed further.

Its an issue with Kaspersky only, If we pause the protection there won't be any warning. We need some way to do the exclusion.

 

Userlevel 3
Badge +1

Maybe this can help doing it the first time by the user:

When user encounter this page..

 

Maybe this can help doing it the first time by the user:

When user encounter this page..

 

End-users can’t follow this always, this is just a workaround. There should be some permanent way to do exclusion for known sites.

Userlevel 2
Badge

I don’t think Kaspersky is the issue here. Did you tried Opening the same website with any other browser?

Because browsers too block such requests and don’t allow you to proceed further.

hello @raviparker 

See the first screen shot, there below left corner you can Kaspersky logo. 

 

It’s fine that the website has certificate or other problem, but there should be some way to exclude such irritating problem.

Dear @Nikolay arinchev  can you please answer something cool over here and make a awesome solutions !

 

Thanks -

@Deadlock4400  

Userlevel 1
Badge

The 2nd screenshot shows that „Scan encrypted connections” is not activated. KES should not touch encrypted traffic.

However if it is activated now, I would try to put the domain of the requested site into “trusted domains”.

Userlevel 2
Badge

hello @ak01 

Thanks for your reply.

Option “Scan encrypted connection” was ON n OFF both way tasted. Even i use the trusted domain also. I follow the below web link -

https://community.kaspersky.com/kaspersky-total-security-14/untrusted-root-center-site-blocked-connection-not-protected-and-can-t-exclude-it-i-understand-the-risks-is-not-available-812

 

also follow -

https://support.kaspersky.com/common/safemoney/12489?_ga=2.177839013.1039545886.1578383781-833333344.1575652241#block5

 

No way out!!

 

Userlevel 1
Badge

Are you sure you edit the right Policy (which applies to that computer)? I would check the local KES settings if it correctly applies your changes in the policy.

Userlevel 2
Badge

hello @ak01 

 

There is a single policy, so don’t thing a mistake was made over there

Userlevel 1
Badge

ok.

Are you sure that this policy applies to that computer (computer is correctly moved to “managed computer” or a subfolder, computer is listed as alive, agent is running and synchronized with KSC, ...)?

I have the exact same problem since i updated my KES clients to 11.2.0.2254 last Friday, i am unable to connect to my local VMware vSphere web page because the option “I understand the risk, but want to proceed” is missing, when i disable KES 11.2.0.2254 the web page loads without issues.

 

A little side note the address is added to "Web threat protection” \ “Trusted web addresses” but that does not resolve the problem.

The certificate has also been added to my Windows 10 local computer certificate store, still no change, within Firefox i am unable to import the certificate because Firefox says there is no need to import it since it is a trusted certificate, the issue here is KES.

 

I also suddenly have problems with R&D software tools which worked fine but since the KES upgrade to 11.2.0.2254 suddenly are no longer able to write to remote network drives, the policy is in place and the clients are part of the managed devices\clients.

In the first picture you can see that i cannot connect to the vSphere website, in the second picture i first tried to disable the KES policy butt that did not change the situation then i shutdown the KES application and i could immediately connect to the vSphere website without any problems.

 

PIC.01

 

PIC.02

 

Userlevel 1
Badge

I can only tell you what I do: I disabled the “scan encrypted connections” feature internally because we have another solution to scan encrypted traffic. So far that works (KES does not intercept the traffic), that is why I asked if the policy in the first post might not apply to the mentioned computer (this option works for me, also with KES11.2).

I only enable that feature outside of the company and at home (for example) where I do not have self- signed certificates.

Exact same problem here with KES Std 11.2.

I have 38 engineers unable to access our ESX lab web management interfaces, unless I completely disable scanning of encrypted connections, which is also quite annoying. 

@sd75 

 

For vSphere and ESX local management websites i was able to resolve this problem easily by downloading the root CA from the vSphere and ESX local management websites and then importing these into the local computers store under "Trusted Root Certification Authorities”.

 

This unfortunately did not work for my RSA servers to access them i still need to use an old Internet Explorer version.

Unchech the “Scan encrypted connections” checkbox

I resolved this issue by unchecking the “Scan encrypted connections” checkbox but that is too general a solution. I would like to provide exceptions for specific servers on my network that I access by IP address. How do I do that? IP addresses don’t work when I specify them as Tructed domains.

Badge

Unchech the “Scan encrypted connections” checkbox

 

 

I have the same issue with our vSphere, could you tell me how to permanently solve this issue?

Reply / Ответить