Certificate warning but site is genuine [website cert is invalid] [HTTPS Everywhere]

[Flood and Flood's wife]

Hi @Wesly.Zhang,

We did the test last night & again tonight:

 

Link

 

Thank you🙏

Flood🐳+🐋

 

[rufford155]

Sorry guys this is dragging on too long and life’s too short.

Thanks for trying to understand it anyway.

I’ll just put up with it.

[Wesly.Zhang]

Sorry guys this is dragging on too long and life’s too short.

Thanks for trying to understand it anyway.

I’ll just put up with it.

Hello,

OK, that’s fine. Could you please mark any reply as best answer you think to finish the topic. Thanks.

Regards.

[rufford155]

How can I mark a best answer when I don’t have any useful reply ?

The best answer would be “Kaspersky have at last realised that their certificate warning system is not fit for purpose because having a site name different from the issued to name is perfectly legal and acceptable so does not render the site dangerous and they are going to fix it”

I have been trawling the forum and have found that this issue has been going on for years with numerous complaints about it but absolutely no action has been taken.

[rufford155]

Now it doesn’t like Microsoft update and even clicking to go there anyway doesn’t work !!!!!!!

[Flood and Flood's wife]

What response have you had from Kaspersky Technical Support @rufford155 ?

[rufford155]

I haven’t bothered because so may other people have complained about this that somebody must already have gone to support.

By the way, at one time - maybe a year ago or so - KIS was even rejecting Kaspersky’s own certificates !!!!

They managed to fix that somehow but haven’t for all the other instances whci are ongoing and, in fact, getting worse.

[Flood and Flood's wife]

In the Community portal, from time to time, there’s certificate questions that get raised, however, your case appears to be different, in that, if we understand correctly, your system is impacted by multiple certificate issues. 

Someone else going to support is unlikely to fix what’s going on for you. 

[rufford155]

Here’s a really good one !   In fact the best one yet.

You can see that the URL belongs to gov.uk

And the certificate issued to www.gov.uk

This is the official UK government domain and there is obviously nothing wrong here.

Why cannot Kaspersky understand this ?

 

[Flood and Flood's wife]

@rufford155,

We’ve tested & cannot replicate Certificate name mismatch for www.gov.uk.

If the persistent certificate issue is so frustrating, and clearly it is because you’re complaining so loudly & frequently, why don’t you log a case and give Kaspersky Technical Support the opportunity to assist you? 

They will happily do so, but not without a case and data, none of which can be submitted here in the Community:

 

[Wesly.Zhang]

@rufford155,

We’ve tested & cannot replicate Certificate name mismatch for www.gov.uk.

If the persistent certificate issue is so frustrating, and clearly it is because you’re complaining so loudly & frequently, why don’t you log a case and give Kaspersky Technical Support the opportunity to assist you? 

They will happily do so, but not without a case and data, none of which can be submitted here in the Community:

 

Hello,

As I know, this issue is not related to KL Product. This problem is on his/her PC OS or network enviroment.

@rufford155 , I provide the following situation may lead to your issue. Please check thoes situation. I think maybe KL technical support will not tell you so much of these information.

Problem for OS maybe related to certification verification chain.

1. Maybe there is a running network traffic proxy service in OS. It decode encryption network traffic using its fake certificates and scan decoded network traffic, which this behavior will lead to this issue. We call this technolgy as Intermedicate Certification injection. So For you, It need confirm whether there is a browsers addone has this function, such as the type of Anti-banner addones. If those addone need access block banners in encrypted network traffic (https), They need do this. In order to determine whether this problem is caused by this problem, Please disable/Close/uninstall those addones and program and reboot OS before recheck this problem.And also need to check VPN services or Anti-banner program solo running in OS.
2. DNS services pollution. The explain could be found in google search, I won't say much here. In order to determine whether this problem is caused by this problem, Please set other DNS server, such as google dns server (8.8.8.8, 8.8.4.4) or what you think is more appropriate dns server.
3. The network router maybe has a anti-banner function, this should check router settings page, It is better to restore the router to factory settings.
4. Local digital signature information is chaotic or missed. It can be fixed via doing a windows update.
5. Some websites use CDN network services to improve their website response time and reduce network traffic and protect/hide real server IP to web servers directly. If some CDN nodes have a digital certification issue, Every CDN nodes control network traffic from somewhere. This also occur this issue. In some enviroment, We access those website is OK, but someone may not.
6. There is a malware existed in OS, It intercepts encrypted network traffic to obtain the information in it, such as bank account numbers and passwords (usually online banking uses the https protocol), but I think this malicious program is now obsolete, and now is the era of ransomware, so you can make money quickly. And the technical level of software development is also low.

Every case need you check.

Regards.

[Flood and Flood's wife]

@Wesly.Zhang

1. Whether the issue is local or not, it’s irrelevant, @rufford155 clearly believes it’s a Kaspersky issue, however, the root cause cannot be determined by us (the Community), it should be investigated by Kaspersky Technical Support, for that to happen a case needs to be logged & data submitted; whether @rufford155 does that or not is up to him; if he wants the issue resolved he will do so. 
2. Your last reply, posting advice to @wgcuser or is it for @rufford155 🤔 
3. Please provide the URLs for the 6 cases? 

Thank you🙏

Flood🐳 +🐋

[Wesly.Zhang]

@Wesly.Zhang

1. Whether the issue is local or not, it’s irrelevant, @rufford155 clearly believes it’s a Kaspersky issue, however, the root cause cannot be determined by us (the Community), it should be investigated by Kaspersky Technical Support, for that to happen a case needs to be logged & data submitted; whether @rufford155 does that or not is up to him; if he wants the issue resolved he will do so. 
2. Your last reply, posting advice to @wgcuser or is it for @rufford155 🤔 
3. Please provide the URLs for the 6 cases? 

Thank you🙏

Flood🐳 +🐋

Hello,

Thanks for informing me. I have edited it.

Regards.

[rufford155]

@rufford155,

We’ve tested & cannot replicate Certificate name mismatch for www.gov.uk.

If the persistent certificate issue is so frustrating, and clearly it is because you’re complaining so loudly & frequently, why don’t you log a case and give Kaspersky Technical Support the opportunity to assist you? 

They will happily do so, but not without a case and data, none of which can be submitted here in the Community:

 

This looks like you have gone straight to www.gov.uk - I don’t have any problem doing that either.

Now try going to www.bonavacantia.gov.uk - in your browser, not this link - that’s what doesn’t work for me from my bookmark or direct from the address bar.

Clicking I understand and Continue gets me there, notwithstanding HTTP everywhere.

It’s a subsite of gov.uk with info about unclaimed assetss and estates.

Like my other examples, it’s clearly a case of Kaspersky not recognising that the URL is a sub-set of the Issued to name.

[rufford155]

Wesly - thanks, I will look at your stuff when I have a lot more time but I still believe it’s down to Kaspersky.

Flood - ditto regarding support

[Flood and Flood's wife]

1. This looks like you have gone straight to www.gov.uk 
2. Try going to www.bonavacantia.gov.uk - in your browser, not this link - that’s what doesn’t work for me from my bookmark or direct from the address bar.

Like my other examples, it’s clearly a case of Kaspersky not recognising that the URL is a sub-set of the Issued to name.

@rufford155, 

1. Yeah we did, no 🔮 ball!
2. If we’ve not done the test exactly as you require please specify:

Link

 

 

[rufford155]

Yeah we did, no 🔮 ball!

Not sure what this means ?

But it looks like it’s all OK for you which is very interesting indeed.

Also looks like you are on Firefox whereas I am using Edge but not sure why that should make any difference.

I don’t have Firefox but I will try in Chrome.

[rufford155]

No problem in Chrome so must be something to do with Edge.

Maybe an incompatibility between Edge and and KIS.

So definately something support should be made aware of.

But I will carefully check all my settings in both first - soon.

[Flood and Flood's wife]

Delete please, 

Thanks. 

[rufford155]

Well I have solved the damn thing at long last, hope you are still with me.

There was no problem with Chrome (or IE) so I compared the extensions I had in Edge to those in Chrome and removed one-by-one those only in Edge and re-tried the bonavacantia.gov.uk site each time - the last one tried solved it !

Eureka!!!!  The culprit was HTTPS Everywhere, so I have removed it permanently.

I have also checked a couple of the other bookmark links and they are all now OK.

Only goes to prove there is always an answer even if you don’t understand the reason for it.

I thank you sincerely for your help and can only apologise for taking up your time.

[Flood and Flood's wife]

Hello @rufford155, 

You’re welcome!

Hmmm, maybe you need to read your topic & count the number of times you blamed Kaspersky. 

Thank you🙏

Flood🐳 +🐋

[rufford155]

Well as it is an incompatibility between KIS and HTTPS Everywhere - a very common and popular Chrome/Edge extension - surely Kaspersky is due at least half of the blame.

What’s the best way of informing them about it now ?

[Flood and Flood's wife]

Same as before @rufford155

Thank you🙏

Flood🐳 +🐋

[rufford155]

Request sent to Kaspersky support :

I was getting "invalid name if certificate" warnings for several websites that I had used successfully in the past which I therefore believed were false positives. See the example screenshot attached. I knew that my bookmarked site "www.bonavacantia.gov.uk" was merely a subset of "www.gov.uk" which is the official domain of the UK government and therefore perfectly legitimate. I had a long exchange in a community thread which failed to solve the problem. I was using MS Edge at the time but then discovered that the problem did not replicate if I switched to Chrome. So I compared the extensions I had in Edge to those in Chrome and removed one-by-one those only in Edge and re-tried the bonavacantia.gov.uk site each time - and the last one tried solved it ! Eureka!!!! The culprit was "HTTPS Everywhere", so I have removed it permanently. I have also checked a couple of the other bookmark links and they are all now OK. HTTPS Everywhere is a common and popular extension for Edge, Chrome and probably other browsers but I believe that I have proven that Kaspersky Internet Security has a incompatibility with it that causes these false positive warnings. So I am requesting that you investigate this and fix this incompatibility. Thank you.

Files:Screenshot (25).png

[Flood and Flood's wife]

Link