cannot guarantee authenticity of the domain to which encrypted connection is established.

[TTP87]

Hi, I am not sure if I am posting this in the right place, this is my first time on the forum, I have used KIS for like 6 years now, but now I am having this alert pop up at nearly every web page I go to since I upgraded to KIS 2014.. I sent a picture here of the notification I keep getting at each web page I go to.. Can some one please tell me why I keep getting this alert/notification all of a sudden???? I click both options on the alert and nothing happens either way, it just wont ever stop popping up, it gets annoying, so that's why I am asking.. I haven't don't anything different online than I normally do.. I also recently noticed that when I go to yahoo.com and click mail, a page always pops up saying I have bad certificates, that use to never happen either, im not sure if that's all tied in or what. Any advice??

[richbuff]

Welcome. Check system date/time is correct, then uncheck Scan Encrypted connections, located in Kaspersky Settings > Additional > Network. Then reboot. Any better after that?

[TTP87]

Welcome. Check system date/time is correct, then uncheck Scan Encrypted connections, located in Kaspersky Settings > Additional > Network. Then reboot. Any better after that?

 

 

Thanks.. Yes I made sure the time was correct first, then I checked to see if it fixed it, it did not.. So then I turned off the "Scan Encrypted connections" like you said, and so far that has stopped everything. I don't even get any bad certificate shields inside where you type the www. things anymore.. But just to be safe, is there any down side to turning that option off?? I mean will I start getting Viruses and things now or if I hit a bad site will Kaspersky still auto block the site like it normally does if its too bad??

[richbuff]

You're welcome. You can leave it in Default setting, which is: "Scan encrypted connections if parental control is enabled"

 

That way, by default, the setting is disabled.

 

The setting is not a security item. rather, it is there to augment Parental Controls.

[smiileysa]

I have started getting these annoying popups that "Cannot guarantee authenticity of the domain to which encrypted connectio is established".

What does it take to quit getting these. I suppose it takes shutting down a component but I don't know which one. Tired of installing/reinstalling certificates. Thanks for the help!

[richbuff]

Please disable Scan Encrypted Connections, located in settings. Please see the fifth Important topic, for instructions on how to tell us a wee bit more.

 

Please see the small print that is located at the bottom of this message.

[NotSureAboutKIS]

Please disable Scan Encrypted Connections, located in settings. Please see the fifth Important topic, for instructions on how to tell us a wee bit more.

 

Please see the small print that is located at the bottom of this message.

 

Er... KIS 14 Where is Scan Encrypted Connections? Can't see any Important Topics at the top of this page. Can't see any relevant small print at the bottom of this message...

 

[NotSureAboutKIS]

Hi, I am not sure if I am posting this in the right place, this is my first time on the forum, I have used KIS for like 6 years now, but now I am having this alert pop up at nearly every web page I go to since I upgraded to KIS 2014.. I sent a picture here of the notification I keep getting at each web page I go to.. Can some one please tell me why I keep getting this alert/notification all of a sudden???? I click both options on the alert and nothing happens either way, it just wont ever stop popping up, it gets annoying, so that's why I am asking.. I haven't don't anything different online than I normally do.. I also recently noticed that when I go to yahoo.com and click mail, a page always pops up saying I have bad certificates, that use to never happen either, im not sure if that's all tied in or what. Any advice??

 

Thank you. Nice and clear.

[Adam1972]

At the top of this page http://forum.kaspersky.com/index.php?showforum=4 you will see a number of topics with IMPORTANT in red letters, it's the 4th important topic that Rich means.

To find Scan Encrypted Connections, go to settings > additional > network

[paul@pauldoranlaw.com]

I am getting this message and have tried the steps outlined, i.e. I have unchecked Scan Encrypted Connections and also tried leaving on "Scan encrypted connections if parental control is enabled" but I still get the message "Cannot guarantee authenticity of the domain to which encrypted connection is established".

 

I am using Chrome on Windows 8.1. The GSI report is here: http://www.getsysteminfo.com/read.php?file...ccfb463ea43c347

[rudger79]

Welcome pauldoranlaw.

 

Please try with the most current version MR2, 15.0.2.361.

 

Download the latest version 15.0.2.361 from here: http://www.kaspersky.com/product-updates

 

Save it somewhere. Next uninstall version 15.0.1.415, reboot.

 

Right click the previously downloaded installer for version 15.0.2.361, select Run as Administrator. Update, reboot.

 

Any better?

 

Also, Relevantknowledge shows as an installed program. It is junkware that needs uninstalled.

Edited April 27, 2015 by rudger79

[jkiejr]

so i am getting the warning also. i checked that my time is correct and went to turn of the scan, but i get a error that it will also turn off the url advisor and safe money both of which i use.

[Dhabi12]

I've just had this with Kaspersky 2016 and read the above regards Parental Controls. The uncheck Scan Encrypted connections has dealt with it. For my own interest, as I'm not to IT bright, it popped up when I opened

Yahoo and E-Bay, for:

 

Internet Explorer 7

 

URL: api.ak.facebook.com

 

Invalid name of certificate

 

I haven't used Facebook for well over a year? Is it just checking for websites that children "might" use? Seems strange, as that would be for a very large list? I just wondered

that's all.

[Viperalus]

Minutes ago I got the following notification from Kaspersky IS 2015 when I tried to go to my facebook (I didn't login there).

"Cannot guarantee authenticity of the domain to which encrypted connection is established"

the URL: static.connect.facebook.com

 

What do you advice me me to do?

Thank you very much in advance.

[richbuff]

Please select Do Not Scan Encrypted connections, located in Settings > Additional > Network. Reboot for good measure. Any better after that?

 

Also, please see the second Important topic for instructions to download and install KIS version 2016.

 

Uninstall KIS version 2015 > reboot, then install KIS version 2016.

 

After you install KIS version 2016, activate with your current activation code > do a databases update > reboot.

 

Any better with the current version?

 

Please see the small print that is located at the bottom of this message.

[Viperalus]

Please select Do Not Scan Encrypted connections, located in Settings > Additional > Network. Reboot for good measure. Any better after that?

 

Also, please see the second Important topic for instructions to download and install KIS version 2016.

 

Uninstall KIS version 2015 > reboot, then install KIS version 2016.

 

After you install KIS version 2016, activate with your current activation code > do a databases update > reboot.

 

Any better with the current version?

 

Please see the small print that is located at the bottom of this message.

The second time that I entered Facebook the message didn't appear. So, for the time being I will leave it as that (it's safer) and if the problems persist I will follow these recommendations. Thanks!

Btw, I have installed the trial version 2 weeks ago in my new machine, but I don't know which version of KIS I do run ('15 or '16). Tried to find that but I couldn't find that basic information... :?

 

[richbuff]

You're welcome. Please see: http://support.kaspersky.com/us/11169

[easycommuter]

You're welcome. Please see: http://support.kaspersky.com/us/11169

 

I have downloaded Kaspensky 2016 on trial, and have also been getting the same error. It then includes something like

 

 

"Application: Internet Explorer

URL: sync.rhythmxchange.com (....for example)

Reason: Invalid name of certificate Either the name is not on the allowed list, or was explicitly excluded

 

(Options)

Disconnect

Continue"

 

 

Typically it happens at least once every browsing session. When I follow the instructions noted earlier in this thread, and I am about to click on the "Do not scan encyrpte..." option, Kaspersky generates a dialogue box with a red warning sign, saying

 

 

"This will reduce protection.

This will reduce the protection of your computer. Parental Control and Kaspersky URL advisor will not be able to control encrypted connections and "Safe Money" will be disabled. Are you sure that you want to disable scanning of encrypted connections?

 

(Options)

Continue

Cancel"

 

 

"Safe Money", which is the primary reason why I am trialing Kaspensky 2016, therefore I am really NOT sure about disabling it. What should I do?

What is the effect of simply leaving the message there, in terms of level of protection?

What is an encrypyted connection?

[ddaled]

"Safe Money", which is the primary reason why I am trialing Kaspensky 2016, therefore I am really NOT sure about disabling it. What should I do?

What is the effect of simply leaving the message there, in terms of level of protection?

What is an encrypyted connection?

 

Encrypted connection.. If you see https before the website. That is an encrypted connection.

You can google what it means too.

The safe browser (safemoney) scans https connections, to verify the website's authenticity etc.

 

So it needs that option enabled.

 

Technically, if you get those notifications above.

It means that you are currently entering an unknown certificate. etc.

 

But at times, a known site with valid certificate gets this too.

 

Why?

 

Because the certificates stored in your browsing cache (not that sure about the exact cache folder atm) is somewhat obsolete.

 

How to fix it, close all browsers

open kaspersky

settings> Additional> Network> click advanced under encrypted connections scanning> Install certifiactes> next> finish.

 

Voila. problem solved. But at times, it doesn't record it on the next boot session and you may have to do it again.

Question, what are the installed certificates?

Those are collated and is updated every once in a while (I'm not that certain any more about the intervals atm)

 

Also, unchecking the scanning of encrypted connection does solves this issue.

Why? It doesn't scan the certificates of the websites anymore.

 

At times it is irritating so I too uncheck this box. hehehe.

Because I'm not quite sure how to retain the certificate cache in there if I install the certificates.

[billzog]

I assume this is going to be the right place for this post.

 

I've had the same experience, using the latest fully-updated KIS 2016 on an equally fully-updated Win 10 machine.

 

After displaying the above warning KIS has now deep-sixed my connection to Flickr in Firefox, which is extremely bloody annoying. Flickr! If that's not on the permanent list of trusted sites, what is? It simply will not open.

 

I've read the advice above, but, like those commenting above, my concern remains; I use KIS because of Safe Money, and it's simply not satisfactory that the only way I can apparently get Flickr back is to lose Safe Money!

 

Will installing the certificates in the KIS advanced options, as mentioned immediately above, really solve the problem? Or is this just handwaving? Any actual experiences?

 

(This certificates nonsense is getting tedious, as Firefox keeps telling me that Kaspersky 'isn't verified for use in FF' and it's supposedly disabled the Kaspersky plugin, though it still appears in the browser! And appears to function)

 

I will note, for the benefit of any Kaspersky staff who might read this, that one does not buy advanced security software in order to have to regularly tinker under the bonnet on the basis of helpful suggestions.

 

regards,

 

Bill

 

 

[ddaled]

I assume this is going to be the right place for this post.

 

I've had the same experience, using the latest fully-updated KIS 2016 on an equally fully-updated Win 10 machine.

 

After displaying the above warning KIS has now deep-sixed my connection to Flickr in Firefox, which is extremely bloody annoying. Flickr! If that's not on the permanent list of trusted sites, what is? It simply will not open.

 

I've read the advice above, but, like those commenting above, my concern remains; I use KIS because of Safe Money, and it's simply not satisfactory that the only way I can apparently get Flickr back is to lose Safe Money!

 

Will installing the certificates in the KIS advanced options, as mentioned immediately above, really solve the problem? Or is this just handwaving? Any actual experiences?

 

(This certificates nonsense is getting tedious, as Firefox keeps telling me that Kaspersky 'isn't verified for use in FF' and it's supposedly disabled the Kaspersky plugin, though it still appears in the browser! And appears to function)

 

I will note, for the benefit of any Kaspersky staff who might read this, that one does not buy advanced security software in order to have to regularly tinker under the bonnet on the basis of helpful suggestions.

 

regards,

 

Bill

 

 

Yep.. It does fix it. but reoccur on some unknown time. Most often than not after reboot.

On some it permanently fixes it.

 

The firefox issue is going to be fixed in the up coming patch F

and would be signed on the next maintenance release

(ETA Feb)

[easycommuter]

Thank you very much for your reply "D-Auto-Resolved"

 

1) I have just started following your instructions about what to do the next time I get a "cannot guarantee authenticity" message. Will update this thread with the results.

2) In effect, does this mean that I need to self certify each of the Safe Money Type website that I currently visit, is OK?

3) When you then say "These are collated and is updated every once in a while", do you mean that Kaspersky somehow look through everybody's Safe Money type web address links lists and prooduces a consolidated list. I stumbled on a list of websites earlier on at:-

Settings > Additional > Network Settings and then "Encrypted connections scanning" section + hyperlink entitled "websites"

 

If this is the list that Kaspersky are updating, there are only around #50 of them and I didn't see any banks or financial institutions mentioned in the list?

 

4) As regards my question : What is the effect of simply leaving the message there, in terms of level of protection? I guess it means I am not protected?

5) I agree with your sentiment "billSA". Kaspersky help texts + further Internet searches have already had me updating "Advanced BIOS setup options" on my computer (so that Safe Money can maintain protection against screen capture). I really don't want have to visit BIOS screens again. I don't know, this may be more a problem with the nature of the operating system.

 

Cheers

 

[somebet]

so i am getting the warning also. i checked that my time is correct and went to turn of the scan, but i get a error that it will also turn off the url advisor and safe money both of which i use.

 

 

 

I will certainly not turn off the scanning of encrypted connection, and put my computer at risk. With it off, and something gets through, we have no excuse for getting the virus or being a victim of identity theft.

 

Will installing the certificates in the KIS advanced options, as mentioned immediately above, really solve the problem? No it won't!

 

I have tried synchronizing the internet time, like it says in another post but it would not work, three reasons why it would not, and only one makes any sense, so will try again later.

[ddaled]

2) In effect, does this mean that I need to self certify each of the Safe Money Type website that I currently visit, is OK?

 

If it happens on all of the sites you visited. Then the certificates stored in your computer may be outdated already and you need to install them.

The question I cannot answer is that, why doesn't it update automatically on some computers.... Because mine works just fine.

 

 

3) When you then say "These are collated and is updated every once in a while", do you mean that Kaspersky somehow look through everybody's Safe Money type web address links lists and prooduces a consolidated list. I stumbled on a list of websites earlier on at:-

Settings > Additional > Network Settings and then "Encrypted connections scanning" section + hyperlink entitled "websites"

 

 

If this is the list that Kaspersky are updating, there are only around #50 of them and I didn't see any banks or financial institutions mentioned in the list?

That's not the list.

It's somewhere in the folders, I'm not too sure where and the file itself.

The list of websites I am speaking of mostly concerns the known websites together with banking, pay system and shopping sites.

These are updated every 2 hours if my memory serves me right.

 

4) As regards my question : What is the effect of simply leaving the message there, in terms of level of protection? I guess it means I am not protected?

You are still protected. In the sense of virus protection. For the sites visited, under SAFE BROWSER. even if the hold invalid certificates, malicious scripts will not run in it.

 

 

Here's a better way of installing the certificates

 

Close all the browsers and Kaspersky Notification (the "cannot guarantee")

Hit Win Key (The square with four squares) + R

Type in inetcpl.cpl

Go to "content" tab

Click on "Clear SSL State"

Click ok on the successfully cleared

Click ok on Internet options window or close it.

Open Kaspersky.

Click on 'Settings' in the bottom left corner (The cog icon in 2016).

Click on 'Additional' on the left.

Click on 'Network' in the middle.

Click on 'Advanced Settings' under Encrypted connections scanning

Click on 'Install certificate'.

Click 'Next'

Click 'Finish'

[easycommuter]

Thanks again D-Auto-Resolve

 

I have followed your procedure after getting the Certificate error message with the "docs.google.com" website.

Just for ref, is the above a once off procedure?

 

It's only been half a day, but I didn't get anymore Certificate error messages. However I am getting the Orange bordered Safe Money Browser, with a message telling me that "... extension is disabled...". I am getting this for both IE and Chrome, even though both definitely have the relevant Kaspersky extension/add in enabled. I have tried disabling and re-enabling the browsers, in both Protected and Unprotected states but am still getting the same Orange border.

I can't say this is linked to following the above procedure, ... as at around the same time the computer link to the internet was upgraded from Broadband to Fibre (in the UK). I don't know if the upgrade has anything to do with it? Whatever the reason, this is a bit of a step backwards, as now Kaspersky Total Security is definitely providing complete protection of data. Probably my best bet is contacting Kaspersky help line etc.