Jump to content
Jeff-22

Chrome self signed certificate, Cannot guarantee... ... [merged]

Recommended Posts

I am having problems on my home network when I have the following items active on my network.  These problems exist only when running Chrome browser on my PC.  When I am running the Chrome browser ( and no site need be accessed) the following error messages show if either of the following devices are active on the network: Chromecast, Google Home Speakers.  If neither of the devices are powered down no Kaspersky message appears.  This only occurs if the Chrome browser is active and devices powered up.  I have included some images of the message I get along with the image of the certificate that is the problem.  If anyone knows of a solution to fix this problem it would be greatly appreciated.  Very frustrating!

message.png

certificate.png

Share this post


Link to post
2 hours ago, jjflash7 said:

I stand corrected, this did MASK the problem successfully.  Just make sure you select this Chrome app when performing the steps

image.png.3e2e20201e3fad5ae1fe703996540d75.png

 

 

"Hello ,

Thank you for patiently waiting.

Please also add port 8010 in addition to 8009:

Afterwards open Kaspersky settings - protection - application control - manage applications;
In the search field type "chrome";
Double click the Google Chrome application and go to "Exclusions"
Tick the "Do not scan all traffic" and select "Do not scan encrypted traffic";
Tick on "Only for specified ports" - 8009, 8010;
Click Save.

Restart PC and check the problem reproduction."

I've just tried this, specifically adding 8010 to my already existing exceptions for 8008-8009.  

After a reboot and a few hours passed, the issue returned.

Share this post


Link to post

I keep receiving this error window when i simply launch google chrome before i even search any websites? Is this a bad thing or simply and easy fix thanks so much for any replies.

kas1.png  

Edited by Parakeet34

Share this post


Link to post

Same here I'm getting ready to bail.... SOON!

Does the removal tools Kaspersky supply work... do they get it ALL? Any other sources? 

Edited by H2ooh

Share this post


Link to post

Ok, I haven't read through all the pages in here, but I am having the same issue and looking to find the fix also.  My question is, are we sure this is a Kaspersky issue, and not a Google Chrome/possible Chromecast issue?  It looks like Kaspersky is only doing it's job.  It sees that Google Chrome is trying to make a secure connection to a self-signed cert, which it SHOULD block, or at least notify you, which it is what it is doing.  Unless you created the self-signed cert or know exactly what you are connecting to, you should not trust it. 

I do have Chromecasts too, and the issue does appear to be Chromecast related.  It would also make sense why Google Chrome is allowing it, because Chrome by default should block any site you navigate to using a self-signed cert, but if this is something that is happening in the background and Chrome knows it is connecting to a Chromecast device, that would make sense why it is trusting the cert.

Either way, I think it is good that Kaspersky is finding this connection and notifying us of it, that's what it is supposed to do.  I don't know if the problem is on their end or Google's, and the pop-ups are definitely annoying, but I just wanted to throw this out there, since everyone appears to only be blaming Kaspersky.   If it is something that has to do with a Google Chrome version update, or maybe a Chromecast update, then why are we blaming Kaspersky?

Share this post


Link to post
22 minutes ago, Brion said:

Ok, I haven't read through all the pages in here, but I am having the same issue and looking to find the fix also.  My question is, are we sure this is a Kaspersky issue, and not a Google Chrome/possible Chromecast issue?  It looks like Kaspersky is only doing it's job.  It sees that Google Chrome is trying to make a secure connection to a self-signed cert, which it SHOULD block, or at least notify you, which it is what it is doing.  Unless you created the self-signed cert or know exactly what you are connecting to, you should not trust it. 

I do have Chromecasts too, and the issue does appear to be Chromecast related.  It would also make sense why Google Chrome is allowing it, because Chrome by default should block any site you navigate to using a self-signed cert, but if this is something that is happening in the background and Chrome knows it is connecting to a Chromecast device, that would make sense why it is trusting the cert.

Either way, I think it is good that Kaspersky is finding this connection and notifying us of it, that's what it is supposed to do.  I don't know if the problem is on their end or Google's, and the pop-ups are definitely annoying, but I just wanted to throw this out there, since everyone appears to only be blaming Kaspersky.   If it is something that has to do with a Google Chrome version update, or maybe a Chromecast update, then why are we blaming Kaspersky?

Because we are an angry mob that's hungry for blood. 

But seriously, Google is a faceless behemoth practically devoid of human support and this appears to be the only post in the forum on the subject. If it were Chrome's fault, I'd think the Kaspersky reps would be much quicker to point blame at them and direct the angry mob elsewhere. As it is, they seem to be quietly accepting that the problem is happening, but not offering any solid solutions. I imagine that Google has some pretty rigorous quality assurance standards that must be met before they release updates, but it's certainly possible that the 'official stable' release of Chrome 72 (on Jan 29th; a day before this thread was started) triggered Kaspersky to flag the connection. 

Bottom line is, everybody is pissed off, nobody has any real answers, and regardless of whose fault it is, there needs to be some communication between them to fix it. Kaspersky would do themselves a massive favor if they gave any official indication that they're aware and working on it rather than just let the rabble stand outside the gates and keep wondering wtf is going on.

Edited by MrOwl

Share this post


Link to post
3 hours ago, Brion said:

why are we blaming Kaspersky?

Hey Brion,

"Also"

With all due respect. No-one is "blaming" Kaspersky.

Kaspersky have acknowledged a bug and allocated  BR# 3214641.

If the root cause/solution was in Google's patch Kaspersky would have made that very clear and been redirecting the masses to Google.

Issue is not only impacting those with Chromecast devices.

The  Kaspersky "radio-silence" is what is concerning for the majority of Kaspersky customers who've posted to: [ Kaspersky Internet Security & Anti-Virus & Kaspersky Free for Windows ] https://forum.kaspersky.com/index.php?/topic/408030 & [ Kaspersky Total Securityhttps://forum.kaspersky.com/index.php?/topic/407939

Suggested "workarounds" are less than satisfactory, they reduce security and impact some Kaspersky Customers ability to fully use their devices/applications safely.

Cheers.

Share this post


Link to post
15 hours ago, Parakeet34 said:

I keep receiving this error window when i simply launch google chrome before i even search any websites? Is this a bad thing or simply and easy fix thanks so much for any replies.

  

Hey Parakeet34,

Known issue: Kaspersky have acknowledged a bug and allocated  BR# 3214641.

Status = work in progress.

References: 

https://forum.kaspersky.com/index.php?/topic/408030-chrome-self-signed-certificate-cannot-guarantee-merged/ (11pages) 

https://forum.kaspersky.com/index.php?/topic/407939-cannot-guarantee-authenticity-of-the-domain-to-which-encrypted-connection-is-established-google-chrome-merged/ (2 pages)

No fix available at this stage.

Workarounds are available but, if implemented, need to be done so with full awareness of associated risks/impacts. 

It's alway useful to please provide:

  • Kaspersky application & version: example: (KIS,19.0.0.1088(d) )
  • Device operation system & version: example: (Windows 7 Ultimate SP1 7601 (64-bit)
  • Browsers used: example: (Google Chrome 72.0.3626.119 (Official Build) (64-bit) - Mozilla Firefox Quantum 65.0.1 (64-bit) )

& contact/log an incident with: Kaspersky Lab Technical Support via https://my.kaspersky.com/

Cheers

Share this post


Link to post
6 hours ago, Brion said:

 If it is something that has to do with a Google Chrome version update, or maybe a Chromecast update, then why are we blaming Kaspersky?

I'm blaming them for three reasons.

First, it seems like it's their code at fault.

Second, and perhaps more importantly, the functionality this alert system is absurd. What kind of garbage software stacks one message on top of another and then forces you to address each and every one to cancel them? Basic software design tells you that you should have a single window that, if necessary, contains the details of all alerts, and that can be cancelled or delayed with the minimum of fuss. Sometimes when I return to the PC I have eight windows, one on top of the other. In addition, we should have the option to isolate and turn off this specific functionality instead of switching off about a dozen other features at the same time.

Third, they can't even be bothered to post here and keep us informed of what's going on.

I've just seen I've got 29 days left until my renewal. If this isn't sorted in three weeks I'll be buying another AV. I might anyway.

Edited by Si

Share this post


Link to post
2 minutes ago, Si said:

I'm blaming them for three reasons.

First, it seems like it's their code at fault.

Second, and perhaps more importantly, the functionality this alert system is absurd. What kind of garbage software stacks one message on top of another and then forces you to address each and every one to cancel them? Basic software design tells you that you should have a single window that, if necessary, contains the details of all alerts, and that can be cancelled or delayed with the minimum of fuss. Sometimes when I return to the PC I have eight windows, one on top of the other. In addition, we should have the option to isolate and turn off this specific functionality instead of switching off about a dozen other features at the same time.

Third, they can't even be bothered to post here and keep us informed of what's going on.

I've just seen I've got 29 days left until my renewal. If this isn't sorted in three weeks I'll be buying another AV. I might anyway.

To reiterate, my understanding is the conflict is caused by the latest version of chrome which has chromecast functionality hard-wired into the browser (I don't think this has anything to do with chromecast devices); however I think the failure of Kaspersky to communicate clearly is shocking; I'm not a techie and don't understand how long it may take to correct this conflict; but, a simple "bugger, it's broke, we're trying to fix it, and we'll update within 48 hours" costs nothing and lets us know they care before we all clear off to Bitdefender :(

Share this post


Link to post
12 minutes ago, cyberspaceman said:

To reiterate, my understanding is the conflict is caused by the latest version of chrome which has chromecast functionality hard-wired into the browser (I don't think this has anything to do with chromecast devices); however I think the failure of Kaspersky to communicate clearly is shocking; I'm not a techie and don't understand how long it may take to correct this conflict; but, a simple "bugger, it's broke, we're trying to fix it, and we'll update within 48 hours" costs nothing and lets us know they care before we all clear off to Bitdefender :(

Yeah, I used to work as a systems analyst / developer and if our s/w had developed a bug like this, and I hadn't issued a full statement to Helpdesk to send out to the users without hours, and followed it up with daily updates, I'd have been in big trouble.

Share this post


Link to post
6 hours ago, Si said:

Yeah, I used to work as a systems analyst / developer and if our s/w had developed a bug like this, and I hadn't issued a full statement to Helpdesk to send out to the users without hours, and followed it up with daily updates, I'd have been in big trouble.

I used to manage an in-house application in the newspaper industry. The expression "mission critical" applied; it's a Bad Thing if a publication doesn't appear. It's also a Bad Thing to get fired for incompetence. The length of time Kaspersky have known about this horrendous problem without fixing it is completely disgraceful. As usual hordes of users/victims are trying to solve the problem for the vendors - well, it's a very cheap "solution" for Kaspersky, assuming we ever get there.... Unfortunately I only renewed in January so I am reluctant to change my av application unless I can get a refund.

As for the culpability of Chrome, or not, that's something of a red herring. If it is an unfortunate interaction it's still Kaspersky's responsibility to liase with Google in order to arrive at a solution because this situation is doing neither any good. I've changed over to Edge, which I really don't like but looks like becoming permanent.

 

Share this post


Link to post

So I guess since I haven't been in this forum for very long, I am unaware of how long Kaspersky has taken to address this issue, so maybe that's why everyone seems a little fed up.  And I guess even if it isn't Kaspersky's issue, they should still address it in some way.  Either way, I have come up with a fix that worked for me, and you can feel free to try it and see if you get the same results.  

I went into the manage applications section of Kaspersky, selected Google Chrome, went to Exclusions, selected Do not scan all traffic and only for specified IP addresses.  I included all my Chromecast and Google Home IP addresses, and then restarted my PC.  I haven't had a pop-up about the self-signed certs in over 12 hours now.  While I know this is a work around, and not a fix issued by Kaspersky, it seems to work and doesn't really create any vulnerabilities since we should be safe to not analyze traffic between our PCs and Chromecast devices, since they are all on our internal network.  And it is still protecting you from any external sources you are connecting to with Chrome.  In all honesty, if Kaspersky comes out with a fix, it's going to be to ignore certs negotiated in the background between Chrome and Chromecasts, which is essentially what I'm doing.  

Like I said, I know this is not a fix, but people seem to be pretty angry about these pop-ups, and it has taken care of the issue for me until someone comes up with an actual fix.  One issue I can see popping up, is if the IPs change due to a DHCP lease renewing, however my devices usually seem to hang on to the same IPs once they are issued them.  

Good luck, and if you don't like my fix, then simply don't try it, but feel free to tell me if you do try it and it fixes the issue.

Share this post


Link to post
2 minutes ago, Ray5on said:

Same problems with Microsoft edge browser

Can you provide a screenshot?  I'm trying to figure out if the people that aren't using Chrome or don't have Chromecast are getting the same cert issues, or if they are getting a cert issue from an actual website that is also being flagged.  Also, what does the pop up say for the Application section?

Share this post


Link to post
8 hours ago, cyberspaceman said:

To reiterate, my understanding is the conflict is caused by the latest version of chrome which has chromecast functionality hard-wired into the browser (I don't think this has anything to do with chromecast devices); however I think the failure of Kaspersky to communicate clearly is shocking; I'm not a techie and don't understand how long it may take to correct this conflict; but, a simple "bugger, it's broke, we're trying to fix it, and we'll update within 48 hours" costs nothing and lets us know they care before we all clear off to Bitdefender :(

That is not at all clear.  The "workaround" they gave me works...see above.  I have latest version of  chrome and Kaspersky.  I do not have Comcast on the computer.

 

I note these things also.

 

1. Latest version of chrome and kaspersky work on MAC.  No errors no workaround.  No chromecast

 

2. Latesr version of Chrome and Kaspersky work on Windows 7 Home edition...No errors.  No workarounds. No chromecast.

 

3. Only on Windows 10, Lastest Chrome , latest  Kaspersky, and no chromcast  do i see the issue.  That's not to say Chromecast doesn't add to the problem.  But it appears to be operating system/chrome  related.  The only difference here is the operating system with number 2 above...

Edited by jjflash7

Share this post


Link to post

Just an update: Did a Wireshark packet capture on the IP address of one of my Chromecasts.  As you can see in the screenshots, the uuid of the Chromecast matches the self-signed cert that Kaspersky is flagging.  So this is definitely an issue being caused by Google Chrome version 72 only using HTTPS to connect to  Chromecast devices.  Not sure what else to do with this information, but that is definitely what certs are coming from.  Also, my fix of ignoring the Chromecast IPs is still working.

Kaspersky_Chromecast_Cert.JPG

Wireshark_Chromecast_Cert.JPG

Share this post


Link to post

Non-Chromecast people that this is affecting, do you have a Roku or some other type of wireless streaming device?  I think Cast on Google Chrome can also work with those devices.  It may be treating them the same way which would also result in the same self signed cert issue.

Share this post


Link to post

I am having the issue with a computer that I do not cast from. I DO have a chromecast device on the network.

I'll try powering down the Chromecast device and post the results.

Share this post


Link to post
7 minutes ago, H2ooh said:

I am having the issue with a computer that I do not cast from. I DO have a chromecast device on the network.

I'll try powering down the Chromecast device and post the results.

I don't cast to my Chromecasts from the PC I was having issues with either, but since Cast is included in Google Chrome, it still detects the devices on the network and that is when the issues arise.  If there are no casting devices on your network, the issue should go away.  So powering down the Chromecast should take care of the issue for you.

Share this post


Link to post
1 hour ago, H2ooh said:

I am having the issue with a computer that I do not cast from. I DO have a chromecast device on the network.

I'll try powering down the Chromecast device and post the results.

 

1 hour ago, Brion said:

I don't cast to my Chromecasts from the PC I was having issues with either, but since Cast is included in Google Chrome, it still detects the devices on the network and that is when the issues arise.  If there are no casting devices on your network, the issue should go away.  So powering down the Chromecast should take care of the issue for you.

I powered down  the Chromecast device and have experienced no unsigned certificate notifications yet. I then rebooted the affected PC and fired up Chrome... no notice . 

However... when I first experienced the problem I had multiple notices on several external sites. They haven't shown up as of this moment.

Share this post


Link to post
I've had the same issue....and have been clicking on disconnect when the message appears after I open Chrome, everything runs fine afterwards, win 10 user.  Does not occur with Edge on my system, appears confined to Chrome, and no chromecast here
 
It's an annoyance, but not a deal breaker for me...hopefully a solution is forthcoming.  I trust kaspersky more than Google anyway

Share this post


Link to post

Ivorybill, do you have something other than a Chromecast, like a Roku or other streaming device?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.