Jump to content

Issue with SSL certificates in Firefox?


Recommended Posts

When I click the padlock icon in Firefox, it says "Connection Secure" but below this it says "Connection verified by a certificate issuer that is not recognized by Mozilla".  If I click further, it says

You are securely connected to this site.

Verified by: ESET, spol. s r. o.

Mozilla does not recognize this certificate issuer.   It may have been added from your operating system or by an administrator.

This does not happen on all sites.   An example site https://www.discover.com/

Is ESET overriding the default certificate that is coming from site?

Link to comment
Share on other sites

  • Administrators

This is a normal behavior when a secured communication is scanned by an AV, DLP, etc. Before scanning / analyzing the content, it's decrypted. After scanning it's re-encrypted and signed using the root CA private key and passed to the application (browser) where the data is decrypted.

Link to comment
Share on other sites

@Marcos thanks for the explanation but I am not sure I fully understand.  

Why is ESET scanning/analyzing only some certificates.   For instance, forum.eset.com the padlock in Firefox states 'Verified by DigiCert Inc.'.   Why doesn't it say 'Verified by: ESET, spol. s r. o.' ?

Below are some other sites I tested, why are some verified by the certificate issuer and others state ESET?   Is it possible to disable this feature in ESET Internet Security?  What is the benefit of having this enabled?

www.bankofamerica.com, the padlock states:

You are securely connected to this site.

Certificate issued to:
Bank of American Corporation
Chicago
Illinois, US
Verified by: Entrust, Inc.

proton.me, the padlock states:

You are securely connected to this site.

Verified by: ESET, spol. s r. o.

Mozilla does not recognize this certificate issuer.   It may have been added from your operating system or by an administrator.

www.yahoo.com, the padlock states:

You are securely connected to this site.

Verified by DigiCert Inc.

www.disney.com, the padlock states:

You are securely connected to this site.

Verified by Let's Encrypt

www.google.com, the padlock states:

You are securely connected to this site.

Verified by: ESET, spol. s r. o.

Mozilla does not recognize this certificate issuer.   It may have been added from your operating system or by an administrator.

www.instagram.com, the padlock states:

You are securely connected to this site.

Verified by DigiCert Inc.

twitter.com, the padlock states

You are securely connected to this site.

Verified by: ESET, spol. s r. o.

Mozilla does not recognize this certificate issuer.   It may have been added from your operating system or by an administrator.

Link to comment
Share on other sites

  • Administrators

With this setting disabled all https websites should be scanned by ESET:

image.png

Link to comment
Share on other sites

@Marcos - I tested the setting in your screenshot and this does indeed cause all websites to be scanned by ESET.    How do you turn this feature off completely and not have ESET scan any website?   

is there a doc/article explaining what exactly this feature is doing?   I am confused why ESET would need to replace a legit website certificate with its own.

Link to comment
Share on other sites

  • Administrators

If you don't want to scan Internet http/https communication at all, you could disable the network traffic scanner. But why would you do that and allow to execute malware on compromised websites or not block known or new malware on malware urls?

image.png

Link to comment
Share on other sites

@Marcos

I'm not against ESET for scanning URLs for potential malicious sites.  I am confused why the common sites listed below are being scanned and ESET certificate is replacing the websites certificate.   To me, there is a difference between scanning a URL to check it against a list of malicious sites and replacing a sites certificate.   Does ESET support monitor this forum?  I would  like to get a better understanding what this certificate replacing feature is doing.

www.google.com
proton.me
twitter.com
www.discover.com

 

Link to comment
Share on other sites

2 hours ago, demonlight said:

To me, there is a difference between scanning a URL to check it against a list of malicious sites and replacing a sites certificate.  

To begin, Eset doesn't need to deploy SSL/TLS protocol scanning to scan URLs.

SSL/TLS protocol scanning is being deployed to scan the contents of the web page prior to it being rendered in the browser. Since the web page code is encrypted, Eset intercepts the code in transit and decrypts it using its certificate stored in the Windows root CA certificate store. Once decrypted, it can now inspect the web page code for resident malware via its JavaScript scanner it previously loaded into the browser as an example of one inspection method being deployed. Once the code has been inspected, Eset re-encrypts it and passes it to the browser for web page rendering.   

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...