I use Avast for years. However, recently I’m breaking my head with this antivirus, but not only me, but many people that I know here in my country. I have a e-commerce website and decided to buy a SSL certificate on godaddy. The issue is that AVAST has a option enabled to scan HTTPS traffic. This option makes visitors using AVAST don’t trust my website, even with SSL certificate verified for godaddy. When users click on green padlock to see if website is verified, it display a message “Indentity not verified” and customer go away from website and never come back to buy anything. The problem solves when this option is disabled on Avast Settings, but the main issue is that a lot of people use Avast here in Brazil and this option is enabled for the most of users by default. This is a false positive that display a lie to all these visitors. And it decrease dramatically the sales. The problem also happen with AVAST Website. If you click now on padlock of this forum with this option enabled on settings, will see the message “Indentity not verified”.

People with the same problem discussing here:

http://weblogs.asp.net/owscott/identity-not-verified-in-chrome

Anyone has any solution for this bug??

Avast Forum padlock:

https://uploaddeimagens.com.br/images/000/443/573/original/identity-problem.png

It is not with avast, it is Google saying sayonara to using SHA-1: https://garage.godaddy.com/webpro/security/google-chrome-phasing-ssl-certs-using-sha-1/
If that is so, you need to re-key your certificate as soon as possible.

polonus

Hi polonus, thank you for reply. I have already read this topic. Did all the changes mentioned. My SSL is new and by default, godaddy is already issuing certificates with SHA2. I re-key it a lot of times already. Contacted godaddy. And them say the problem is with AVAST.

This message is displayed only when HTTPS Traffic SCAN is enabled on AVAST.

Hi patrick_teixeirams,

Contact avast at virus@avast.com with a link to this thread and wait for an appropriate answer.
I am just a volunteer with some relevant knowledge, not an avast team member responsible for the SSL scans.
Did you read here: https://feedback.avast.com/responses/mail-shield-ssl-scanning-problems
and here: https://www.winhelp.us/configure-avast-free-antivirus.html

Did you check your SSL security header config here: http://cyh.herokuapp.com/cyh
that will be quite revealing, also look at the recommendations there.

polonus (volunteer website security analyst and website error-hunter)

I’ll contact avast direct on this email.

And do a check on SSL security header. If fix the issue I post here the results… I just contacted godaddy again. They said, they need more information from Avast, the reason why avast is displaying SSL as not verified.

Is the problem still there with the latest version of avast?
2015.10.0.2209

Hi Eddy, I’m using version 2015.10.0.2208. When I try to update to last version I receive a message that my version is already up to date.

Can you please click on padlock of this forum and say me if this problem is happening with you??? If you have HTTPS SCAN enabled, of course. If you see “Indentity is verified”, the problem is on my installed version.

Curious here.

Eddy means the Avast! Beta that has just been released

Lukas ( an Avast! Developer ) mentioned that a lot of the HTTPS scanning problems are solved with the Beta, so please try it and report back :

https://forum.avast.com/index.php?topic=165749.0

Btw. the build number 2015.10.2.2209 mentioned in that topic is wrong, and should be 2015.10.0.2209 .

Greetz, Red.

Hi Rednose, updated to version 2015.10.0.2209 it solved problem. If this beta version become the new stable version, all problems with HTTPS SCAN is fixed.

Now I have to sit and wait some visitors update their versions of avast and not see this message anymore.

Thank you

Good to hear that. Thnx for reporting back

Greetz, Red.