Your connection is not private (Chrome & Edge)

dannyodare · 5 Feb 2017 at 15:04

Hello,

I've recently done a fresh/clean installation of Windows 10 Pro 64-bit, also installing my freshly purchased copy of Bitdefender Interent Security 2017 - with Mozilla Firefox my default web browser.

Everything went fine, or seemed to, but found that there is something wrong with Google Chrome and Microsoft Edge. Chrome says "your connection is not private" (NET::ERR_CERT_AUTHORITY_INVALID) and I get a similar message from Edge - "ceritifcate error: navigation blocked" and every website you go to, or try to go, gives you the message: "There's a problem with this website's security certificate" (and you cannot download anything, etc). There is nothing wrong with Firefox, which works perfectly.

Yes, the date and time is correct, and Bitdefender is my only "real time" security - my other security being the free versions of Spyware Blaster, SuperAntiSpyware and Malware bytes. By the way, I have a dual-boot system with Windows 7 Ultimate 64-bit - also doing a new install of Bitdefender there too, and everything works fine.

Any idea what could be wrong?

Thanks,
DANNY

meandu229 · 5 Feb 2017 at 15:15

What does the certificate say when you view it?

SupraWez · 5 Feb 2017 at 15:23

Does it still do it after Windows 10 has completed its updates?

Caged · 5 Feb 2017 at 15:27

I can only assume Bitdefender is sniffing SSL and has tried to install its own root CA, which Chrome (rightly) is alerting you to.

KIA · 5 Feb 2017 at 16:41

We're seeing at least one of these threads per week.

Try this: https://www.bitdefender.com/support...icates-cannot-be-verified-installed-1090.html

dannyodare · 6 Feb 2017 at 08:17

meandu229 said:
What does the certificate say when you view it?

Edge says about every site (BBC, etc) - "There's a problem with with this website's security certificate. This might mean that someone is trying to trick you or steal any info that you send to the server. You should close this site immediately" (using Bing search engine only, as I'm unable to change change search engines - the option is greyed out).

Chrome - "Not secure - Your connection is not private. Attackers might be trying to steal your information from www.google.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID"
ADVANCED: "www.google.com normally uses encryption to protect your information. When Google Chrome tried to connect to www.google.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.google.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.
You cannot visit www.google.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later."

Thanks,
DANNY

dannyodare · 6 Feb 2017 at 08:18

Suprawez - Yes, I still get the same messages, etc after all the Windows Updates have been completed.

DANNY

dannyodare · 6 Feb 2017 at 08:20

Caged said:
I can only assume Bitdefender is sniffing SSL and has tried to install its own root CA, which Chrome (rightly) is alerting you to.

Maybe, but I've gone through all of Bitdefender's settings and cannot find anything that looks relevant - ie, SSL scan, HTTPS scan, etc.

DANNY

dannyodare · 6 Feb 2017 at 08:24

KIA said:
We're seeing at least one of these threads per week.

Try this: https://www.bitdefender.com/support...icates-cannot-be-verified-installed-1090.html

Thanks for the link, but in BD 2017 there is no Privacy Control settings (or Module) as such, nor is there an Antiphishing tab or a 'Scan SSL' feature - at least, not that I can find.

CORRECTION! Tell a lie, I eventually found the 'Scan SSL' feature in the Web Protection module - turned it off - and now everything is fine. I like happy endings.

Thanks,
DANNY

dannyodare · 6 Feb 2017 at 08:49

Hello everyone,

Problem solved. Under Bitdefender, I eventually found the 'Scan SSL' feature in the Web Protection module - turned it off - and now everything is fine. I like happy endings.

Thanks,
DANNY

Caged · 6 Feb 2017 at 12:01

It's so ridiculous for these security vendors to break end-to-end encryption because they feel they can do a better job of ensuring a website is free from malware than the people responsible for the website.

LizardKing · 6 Feb 2017 at 12:52

Caged said:
It's so ridiculous for these security vendors to break end-to-end encryption because they feel they can do a better job of ensuring a website is free from malware than the people responsible for the website.

Unfortunately with the likes of letsencypt making ssl certificates essentially free pretty much all the dodgy sites out there now use ssl so it is needed.
thankfully ssl pining is becoming more prevalent.

Though people do need to be more aware of just how much infomation enabling https content inspection opens up to the security software vendors and perhaps the vendors should make the end user more aware of what it enables rather than hiding the options deep in there settings!

KIA · 6 Feb 2017 at 15:37

Caged said:
It's so ridiculous for these security vendors to break end-to-end encryption because they feel they can do a better job of ensuring a website is free from malware than the people responsible for the website.

I don't know about website owners, but I do trust browser developers more than the AV industry.

https://www.google.com/transparencyreport/safebrowsing/
https://en.wikipedia.org/wiki/Microsoft_SmartScreen

All the modern browsers scan URLs and downloads. There's no need for AV to meddle, it only ends up causing security and stability issues.

Pawnless Endgame · 6 Feb 2017 at 19:42

Are you on a VPN? I get this sometimes, with the system's clock apparently not being correct (Firefox and Chrome). I have to disconnect from the VPN and reconnect, then the sites work again. Not sure what causes this though?