Kaspersky
Solved

Inspecting Certificates post Break and Inspect

  • 30 June 2021
  • 7 replies
  • 50 views

I see that Kaspersky Total Security has implemented Break and Inspect for HTTPS traffic.  I was wondering if there is any way to inspect an untrusted certificate before accepting the risk.  I only ask this because the site could be a MITM or some other issue other than just expired certificates.  The only way I can think of checking is inspecting the actual certificate offered by the site.  Once risk is accepted Kaspersky signs a new certificate to establish the HTTPS connection.  I have no way of inspecting the certificate before the break and inspect.  Any discussion or thoughts to this would be greatly appreciated.  Thank you.

icon

Best answer by Flood and Flood's wife 30 June 2021, 04:03

Hello @ctfred0921

You’re most welcome:relaxed: !

Thank you for posting back:ok_hand_tone3:

  1. When a certificate error appears, select Details, the extended information will illuminate the problem. 
  2. In KTS Reports, find the certificate error, save the Report as a .txt file & attach to your reply please? 
  3. Use an online certificate analyzer - for example  Qualys SSL Labs
  4. Read Messages "Certificate verification problem detected" and "Cannot guarantee authenticity of the domain to which encrypted connection is established" when trying to open a website

 

 

 

Thank you:pray_tone3:

Flood:whale: +:whale2:

View original

7 replies

Userlevel 7
Badge +10

I see that Kaspersky Total Security has implemented Break and Inspect for HTTPS traffic.  I was wondering if there is any way to inspect an untrusted certificate before accepting the risk.  I only ask this because the site could be a MITM or some other issue other than just expired certificates.  The only way I can think of checking is inspecting the actual certificate offered by the site.  Once risk is accepted Kaspersky signs a new certificate to establish the HTTPS connection.  I have no way of inspecting the certificate before the break and inspect.  Any discussion or thoughts to this would be greatly appreciated.  Thank you.

Hello @ctfred0921

Welcome!

  1. Is a certificate error being presented by Kaspersky - post a full screen screenprint → we need to see what you see please? 
  2. What is the name/URL of the site you’re having issues with? 

Please let us know?

Thank you:pray_tone3:

Flood:whale: +:whale2:

Unfortunately I already accepted the risk so Kaspersky issued a new certificate for the TLS connection.  The website I was trying to reach is www.nutribullet.com.  It’s not a specific site I’m worried about but more about the certificates the kaspersky is issuing to potentially bad sites.  My main suggestion would be to allow the user to actually inspect the certificate before accepting the risk when there are certificate issues with certain websites.  The only information I got was that Kaspersky didn’t trust the certificate.  This could be caused by a myriad of issues (i.e. literally not trusting the Root Certificate Authority, or expired certificates).  Unfortunately, I have no idea why kaspersky doesn’t trust the presented certificates.  Thanks for the response.

Userlevel 7
Badge +10

Hello @ctfred0921

You’re most welcome:relaxed: !

Thank you for posting back:ok_hand_tone3:

  1. When a certificate error appears, select Details, the extended information will illuminate the problem. 
  2. In KTS Reports, find the certificate error, save the Report as a .txt file & attach to your reply please? 
  3. Use an online certificate analyzer - for example  Qualys SSL Labs
  4. Read Messages "Certificate verification problem detected" and "Cannot guarantee authenticity of the domain to which encrypted connection is established" when trying to open a website

 

 

 

Thank you:pray_tone3:

Flood:whale: +:whale2:

It’s interesting that the certificate that was presented to me was expired.  Yet the SSL checker shows a valid certificate.  Am I reading too much into this or could it be an issue/potential attack?

Userlevel 7
Badge +10

Hello @ctfred0921

You’re most welcome:relaxed: !

Thank you for posting back:ok_hand_tone3:

We didn’t detect any punching:sweat_smile:

If a certificate error presents, apart from the above guidance, also always check the padlock, issues may be visible there as well & try the site in a different supported browser → issues replicable in multiple browsers have a different root cause to a certificate error in only one browser.  

Thank you:pray_tone3:

Flood:whale: +:whale2:

Thank you so much for the assistance and working with me on this.  Have a wonderful rest of your day/evening.

Userlevel 7
Badge +10

Hello @ctfred0921

You’re most welcome, we’re delighted to be able to assist:relaxed: !

From the report:

  • nutribullet → image 1.  (ioo) nutribullet certificate issue may be a false positive:thinking: You may wish to log a request with Kaspersky Technical Support, fill in Application malfunction, Other template → image 4. Support may request logs, traces & other data, they will guide you. 
  • mi-placewayside → image 1 & 2. mi-placewayside is a genuine certificate issue, their web admin needs to investigate. 
  • The same detections happen in all supported browsers: Chrome, Firefox & Edge Chromium

 

 

 

 

 

  • kenwoodworld, we’re unable to replicate any certificate issues. 
  • If you do log nutribullet with Support, please let us know the outcome? 

Thank you:pray_tone3:

Flood:whale: +:whale2:

Reply