safari can't verify....

Discussion in 'OS X Yosemite (10.10)' started by Chazz08, Mar 14, 2015.

  1. Chazz08 macrumors 6502

    Joined:
    Dec 4, 2012
    #1
    Every time I go to a Google website, such as the search engine or YouTube, Safari tells me, "Safari can't verify the identity of the website..." It won't let me use them either. If I click continue it says the same thing, but instead of YouTube or Google, it says ad.doubleclick.net.

    Any idea how to fix this? I tried going to the website in Chrome and it said that it wasn't a private connection and that someone was watching me or trying to get my data. Anyone know what's going on?
     

  2. mag01 macrumors regular

    Joined:
    Apr 10, 2011
    #2
    Well that's pretty clear, isn't it? You've got Avast installed with their web shield protection enabled.

    To get it to work with secure connections, they need to intercept the encrypted communication somewhat (typically a simple local proxy is used for that purpose) where they decrypt the communication and can perform their scan activities on such decrypted content. Then they need to encrypt it again on the output. And here they use their own certificates because they of course don't have access to the actual server private keys.

    You can either disable that web shield completely (look for something like "web shield" option in the Avast preferences), or disable it just for secure connections (look for something like "scan secured connections" option in the web shield custom preferences). Or if you want to keep it enabled read the following part.

    There are some strange things with your setup though. You shouldn't be getting any messages about certificates signed by ("unknown" - as per that message) "Avast untrusted CA" as they all should be signed by "Avast trusted CA" and this authority should have its certificate in the trusted roots (for Safari it's in Keychain Access - System Roots). Check if you've got such a certificate there.
    In any case it's related to Avast so if you end up thinking it may be an Avast bug (and that's entirely possible) contact their support.

    As for what Avast does here and why (and that it's actually pretty buggy/insecure if the original server certificate is revoked), you may also have a look here: http://www.thesafemac.com/avasts-man-in-the-middle/
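
The re-signing described in post #2 is visible in the issuer field of the certificate the browser receives. The following is an added example, not part of the thread and not Avast's code: it classifies observed certificates by issuer, using the two CA names exactly as quoted in the post. The certificate dicts are constructed samples in the layout of Python's `ssl.SSLSocket.getpeercert()`, and "Example Public CA" is a placeholder name.

```python
# Added example. CA names are the ones quoted in post #2; all certificate
# data below is constructed for illustration.
EXPECTED = "re-signed by local proxy; issuer should be in the trusted roots"
UNEXPECTED = "re-signed by local proxy; issuer the post says should not appear"
DIRECT = "issuer is not a listed local proxy CA"
UNPARSED = "no issuer field available"

LOCAL_PROXY_CAS = {
    "avast trusted ca": EXPECTED,
    "avast untrusted ca": UNEXPECTED,
}

def rdn_value(name, field):
    """Return the first value of `field` in a getpeercert()-style name tuple."""
    for rdn in name:
        for key, value in rdn:
            if key == field:
                return value
    return None

def classify(cert):
    """Return (host, issuer, verdict) for one observed leaf certificate."""
    host = rdn_value(cert.get("subject", ()), "commonName")
    issuer = rdn_value(cert.get("issuer", ()), "commonName")
    if issuer is None:
        return host, issuer, UNPARSED
    return host, issuer, LOCAL_PROXY_CAS.get(issuer.strip().lower(), DIRECT)

def flagged_hosts(certs):
    """Hosts whose certificate was issued by a listed local proxy CA."""
    results = (classify(c) for c in certs)
    return [host for host, _, verdict in results if verdict in (EXPECTED, UNEXPECTED)]

# Constructed samples: two intercepted connections and one direct connection.
SAMPLES = [
    {"subject": ((("commonName", "www.youtube.com"),),),
     "issuer": ((("commonName", "Avast untrusted CA"),),)},
    {"subject": ((("commonName", "ad.doubleclick.net"),),),
     "issuer": ((("commonName", "Avast trusted CA"),),)},
    {"subject": ((("commonName", "www.example.org"),),),
     "issuer": ((("organizationName", "Example Public CA"),),
                (("commonName", "Example Public CA G1"),))},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
    print("intercepted:", flagged_hosts(SAMPLES))
```
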
     