uzer13 0 Posted October 8, 2021 Share Posted October 8, 2021 Hello Since earlier this week I have been getting the "certificate revoked" error when visiting dozens of websites. Websites which previously I could open fine and which do have current certificates. An example is: KNX.org Here is the exact alarm shown: Snapshot My laptop is running ESET Endpoint Security 8.12037.2 and Windows 10 Pro (Version 1909). I used the log collector and recreated the alarms on various websites, here is a link to my logs Logs Can anyone tell me what is going on and how I can return to being able to open websites normally again please? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted October 8, 2021 Administrators Share Posted October 8, 2021 It was a problem with expired Lets's Encrypt intermediate certificate used in OCSP responses: https://scotthelme.co.uk/lets-encrypt-old-root-expiration I've checked knx.org now and didn't get any warning from ESET. The OCSP response is valid: Will check you logs, maybe they are not recent. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted October 8, 2021 Administrators Share Posted October 8, 2021 How did you enable logging? Asking cause neither advanced protocol filtering logs nor network protection logs are there. Also you have Endpoint misconfigured and critical protection settings are disabled. The following settings should stay enabled: Advanced heuristics on newly created or modified files Advanced heuristics on file execution Network attack protection (IDS) Botnet protection detection of Suspicious applications We also recommend enabling detection of potentially unsafe applications as well as password protection to prevent unauthorized users from disabling or uninstalling the antivirus (e.g. prior to running ransomware or other malware). It's also a good practice to lock real-time and web access protection as well as HIPS settings by a policy. Link to comment Share on other sites More sharing options...
uzer13 0 Posted October 8, 2021 Author Share Posted October 8, 2021 @Marcos - thanks for the quick reply. ESET is managed by our sysadmin so I'll pass your suggestions on. I just went into the application > help > tech help > enable logging. Then downloaded the log collector and ran it. Weirdly knx.org now seems to be working. It's like sometimes ESET lets the website open, other times it blocks it... Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted October 8, 2021 Administrators Share Posted October 8, 2021 The issue was fixed on the web server so you should not get the warning about invalid OCSP response. I can check it out if you get the warning again or on another website. Quote I just went into the application > help > tech help > enable logging Did you open the website afterwards to get the warning and only then collected logs with ELC? Link to comment Share on other sites More sharing options...
uzer13 0 Posted October 8, 2021 Author Share Posted October 8, 2021 Yes, exactly. Link to comment Share on other sites More sharing options...
Recommended Posts