Jump to content

Recommended Posts

Hello.

I read  topic about StartCom and Wo-Sign Root CA https://www.scribd.com/document/325417135/Wo-Sign-and-Start-Com

After this i checked site with startcom certificate. Eset SSL inspection rewrite original certificate.  After disabling inspection on target url eset sill rewriting original certificate.

 

A there any ways to block root CA in Eset Smart security?

How to exclude some host from ssl inspection and certificate rewriting

Link to comment
Share on other sites

A there any ways to block root CA in Eset Smart security?

Prior to doing the below steps, you're going to have to export the intermediate root CA you wish to block to a file. Then when you get to step 4., you will select "File." Then select the file where you exported the root CA. Finally, select "block" as the action in step 5.

 

Your can also just set Wo-Sign and StartCom intermediate root CA certificates as "untrusted" using certmgr.msc. Of course, you will have to save the certifcates in a file and then import same as an untrusted publisher. The procedure to do this is here: hxxp://blogs.msmvps.com/alunj/2016/05/26/untrusting-the-blue-coat-intermediate-ca-from-windows/ . Note this was for a Bluecoat certificate but method is the same for any intermediate root CA certificate. -EDIT- Also Eset's SSL protocol scanning uses the Windows root CA certificate store for certificate validation. As such if your purpose is to block all web sites with certificates issued by Wo-Sign or Startcom, the only way to do so is using the certmgr.msc method when using SSL protocol scanning. Or, block each individual web site certificate using Eset's certificate exclusion feature.

 

Or, just wait. Apple has already blocked these intermediate root CA certificates. Hopefully, Microsoft will be doing the same shortly.  

 

post-6784-0-86073600-1475681619_thumb.png

Edited by itman
Link to comment
Share on other sites

  • Administrators

You can switch SSL filtering to interactive mode, make an attempt to connect to a site you want to exclude and select "Exclude" when prompted for an action.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...