Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

safari can't verify....

C

Chazz08

Cancelled
Original poster
Dec 4, 2012
560
106
Every time I go to a Google website, such as the search engine or YouTube, Safari tells me, "Safari can't verify the identity of the website..." It won't let me use them either. If I click continue it says the same thing, but instead of Youtube or Google, it says ad.doubleclick.net.

Any idea how to fix this? I tried going to the website in Chrome and it said that it wasn't a private connection and that someone was watching me or trying to get my data. Anyone know what's going on?
 

Attachments

  • Screen Shot 2015-03-15 at 12.19.50 AM.png
    Screen Shot 2015-03-15 at 12.19.50 AM.png
    211 KB · Views: 329
  • Screen Shot 2015-03-15 at 12.20.13 AM.png
    Screen Shot 2015-03-15 at 12.20.13 AM.png
    160.6 KB · Views: 428
  • Screen Shot 2015-03-15 at 12.20.26 AM.png
    Screen Shot 2015-03-15 at 12.20.26 AM.png
    161.7 KB · Views: 229
Issued by: Avast untrusted CA
Click to expand...
Well that's pretty clear, isn't it? You've got Avast installed with their web shield protection enabled.

To get it to work with secure connections, they need to intercept the encrypted communcation somewhat (typically a simple local proxy is used for that purpose) where they decrypt the communication and can perform their scan activities on such decrypted content. Then they need to encrypt it again on the output. And here they use their own certificates because they of course don't have an access to the actual server private keys.

You can either disable that web shield completely (look for something like "web shield" option in the Avast preferences), or disable it just for secure connections (look for something like "scan secured connections" option in the web shield custom preferences). Or if you want to keep it enabled read the following part.

There are some strange things with your setup though. You shouldn't be getting any messages about certificates signed by ("unknown" - as per that message) "Avast untrusted CA" as they all should be signed by "Avast trusted CA" and this authority should have its certificate in the trusted roots (for Safari it's in Keychain Access - System Roots). Check if you've got such certificate there.
In any case it's related to Avast so if you end up thinking it may be Avast bug (and that's entirely possible) contact their support.

As for what Avast does here and why (and that it's actually pretty buggy/insecure if the original server certificate is revoked), you may also have a look here: http://www.thesafemac.com/avasts-man-in-the-middle/
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back