ctfred0921

Thank you so much for the assistance and working with me on this. Have a wonderful rest of your day/evening.

It’s interesting that the certificate that was presented to me was expired. Yet the SSL checker shows a valid certificate. Am I reading too much into this or could it be an issue/potential attack?

Unfortunately I already accepted the risk so Kaspersky issued a new certificate for the TLS connection. The website I was trying to reach is www.nutribullet.com. It’s not a specific site I’m worried about but more about the certificates the kaspersky is issuing to potentially bad sites. My main suggestion would be to allow the user to actually inspect the certificate before accepting the risk when there are certificate issues with certain websites. The only information I got was that Kaspersky didn’t trust the certificate. This could be caused by a myriad of issues (i.e. literally not trusting the Root Certificate Authority, or expired certificates). Unfortunately, I have no idea why kaspersky doesn’t trust the presented certificates. Thanks for the response.

I see that Kaspersky Total Security has implemented Break and Inspect for HTTPS traffic. I was wondering if there is any way to inspect an untrusted certificate before accepting the risk. I only ask this because the site could be a MITM or some other issue other than just expired certificates. The only way I can think of checking is inspecting the actual certificate offered by the site. Once risk is accepted Kaspersky signs a new certificate to establish the HTTPS connection. I have no way of inspecting the certificate before the break and inspect. Any discussion or thoughts to this would be greatly appreciated. Thank you.