Jump to content

"Certificate revoked" error on majority of websites


Recommended Posts

Hello

Since earlier this week I have been getting the "certificate revoked" error when visiting dozens of websites.

Websites which previously I could open fine and which do have current certificates.

An example is: KNX.org

Here is the exact alarm shown: Snapshot

My laptop is running ESET Endpoint Security 8.12037.2 and Windows 10 Pro (Version 1909).

I used the log collector and recreated the alarms on various websites, here is a link to my logs Logs

Can anyone tell me what is going on and how I can return to being able to open websites normally again please?

 

Link to comment
Share on other sites

  • Administrators

It was a problem with expired Lets's Encrypt intermediate certificate used in OCSP responses:

https://scotthelme.co.uk/lets-encrypt-old-root-expiration

I've checked knx.org now and didn't get any warning from ESET. The OCSP response is valid:

image.png

Will check you logs, maybe they are not recent.

Link to comment
Share on other sites

  • Administrators

How did you enable logging? Asking cause neither advanced protocol filtering logs nor network protection logs are there.

Also you have Endpoint misconfigured and critical protection settings are disabled. The following settings should stay enabled:

  • Advanced heuristics on newly created or modified files
  • Advanced heuristics on file execution
  • Network attack protection (IDS)
  • Botnet protection
  • detection of Suspicious applications

We also recommend enabling detection of potentially unsafe applications as well as password protection to prevent unauthorized users from disabling or uninstalling the antivirus (e.g. prior to running ransomware or other malware). It's also a good practice to lock real-time and web access protection as well as HIPS settings by a policy.

Link to comment
Share on other sites

@Marcos - thanks for the quick reply.

ESET is managed by our sysadmin so I'll pass your suggestions on.

I just went into the application > help > tech help > enable logging. Then downloaded the log collector and ran it.

Weirdly knx.org now seems to be working. 

It's like sometimes ESET lets the website open, other times it blocks it...

Link to comment
Share on other sites

  • Administrators

The issue was fixed on the web server so you should not get the warning about invalid OCSP response. I can check it out if you get the warning again or on another website.

Quote

I just went into the application > help > tech help > enable logging

Did you open the website afterwards to get the warning and only then collected logs with ELC?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...