Untrusted Connection over VPN
Discussion
I'm currently in one of the Arabian states & am having problems connecting to some https sites over VPN. When I try to connect I get an "Untrusted Connection" warning from Firefox. I've tried VyperVPN & Tunnelbear & via the Wifi at two sites & the wired connection at the hotel. I had thought that using a VPN would give me the ability to log on to my bank in the UK, but it seems not. I'm using Kaspersky AV.
A couple of samples of the errors I get:
bcol.barclaycard.co.uk uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
www.paypal.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
Can anyone help? Is it a result of using a VPN or some other more sinister problem?
A couple of samples of the errors I get:
bcol.barclaycard.co.uk uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
www.paypal.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
Can anyone help? Is it a result of using a VPN or some other more sinister problem?
Mr Pointy said:
I don't seem to get the errors using Chrome so maybe it is a FF issue. Thanks.
This is likely to be an issue with the website using older security standards/insecure conventions.Mozilla have been increasing the default security model of Firefox and as a result it has started issuing warnings that are real risks. The purpose being to pressure sites using the older standards/conventions to upgrade. You can turn the new features off (or Use Chrome) but the sites is actually compromising your security. Ideally you should be complaining to the website(business) to get them to adopt the latest security standards.
The underlying issue is that some sites still serve some content, usually embedded images etc, from http servers even when it appears on secure https pages when they should no longer be doing this. They do it to save money, the insecure http using a lot less computing power than https.
Make sure SSL scanning is disabled in Kaspersky
http://support.kaspersky.co.uk/6851
With it enabled it basically performs a man in the middle attack and presents its own cert to the browser which is probably what firefox is complaining about.
Quite how anti-virus software is allowed to get away with this crap I've no idea
http://support.kaspersky.co.uk/6851
With it enabled it basically performs a man in the middle attack and presents its own cert to the browser which is probably what firefox is complaining about.
Quite how anti-virus software is allowed to get away with this crap I've no idea
Mr Pointy said:
Apologies, I've just noticed that I haven't replied to this thread; it was indeed the Kaspersky SSL scanning that was causing the issue. I disabled it & can now pay my bills.
Thanks to all for for the help.
Interesting as we have similar SLL issues with our company VPN and they use Kaspersky. Will let the network guys know.Thanks to all for for the help.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff