tmuster2k 22 Posted July 29, 2020 Posted July 29, 2020 Customer of our is getting "Untrusted Certificate" for ssp.meba.kr. I looked up on digicert and output was found below. if you go to that server it reports back "IT WORKS". IS this possibly coming from an ADD-ON in Internet Explorer? This just started happening today. TLS Certificate has not been revoked OCSP Staple: Not Enabled OCSP Origin: Good CRL Status: Good TLS Certificate expiration The certificate expires September 19, 2021 (417 days from today)
itman 1,802 Posted July 29, 2020 Posted July 29, 2020 No problem with cert. or Eset using FireFox. But below is what is displayed from the web site?
itman 1,802 Posted July 29, 2020 Posted July 29, 2020 Also no problem using IE11 per below screen shot. Suspect what the Eset alert is stating is possible MITM activity is going on.
tmuster2k 22 Posted July 29, 2020 Author Posted July 29, 2020 1 minute ago, itman said: Also no problem using IE11 per below screen shot. Suspect what the Eset alert is stating is possible MITM activity is going on. The ESET alert is coming up on any web site that is visited by end users not just this one which is not even a web site. Seems to be some kind of test of PROXY server maybe. When I am testing the ESET Proxy when troubleshooting one of the tests is for example >> hxxp://esmcserver:3128/index.html and it comes up with "IT WORKS' when PROXY is enabled and working.
itman 1,802 Posted July 29, 2020 Posted July 29, 2020 (edited) What is the untrusted cert. Eset is showing in the alert? What I am wondering is if Eset root CA certificate used for SSl/TLS protocol scanning has somehow expired on these endpoints. Edited July 29, 2020 by itman
Recommended Posts