Firefox doesn't recognize the certificate issuer if HTTPS scanning is on

Firefox can show the company name, you are connected to. E.g., if you open the website of Bank of America, and click the lock icon, you can see, that it says Certificate issued to: Bank of America Corporation. This is true, regardless of whether HTTPS scanning is on or off (Menu > Settings > Protection > Core Shields > scroll down to Web Shield > Enable HTTPS scanning).

But, for some websites (e.g., Bank of China), the company name is shown only if HTTPS scanning is off. If it is on, it says Connection verified by a certificate issuer that is not recognized by Mozilla. Clicking on Connection secure shows Verified by: Avast Web/Mail Shield.

Why do some websites work differently? I want to see the company name always.

Note, that if you are turning HTTPS scanning on or off, you have to restart the browser, and sometimes reload the site, to see the effect.

My exceptions list is empty (Menu > Settings > General > Exceptions). Microsoft Edge shows the company name for both websites, regardless of whether HTTPS scanning is on or off.

Firefox 132.0.1 (64-bit)
Avast Free Antivirus 24.10.6133 (build 24.10.9535.881)
Windows 11 Pro 23H2, OS build 22631.4317

If the Web Shield it to work on HTTPS sites then its certificate must also be valid to scan encrypted sites. For me I can see the site certificate in Firefox
b9985

That said I have all settings for the Web Shield enabled including HTTPS enabled.
b9986

So it appears to be working for me.

Thank you.

I have seen the company name some 1-2 months ago. Firefox or Avast changed something. What versions are you using?

Also, what is the certificate chain for these two sites, while HTTPS scanning is on? For me it is the following:

  • www.bankofamerica.com > Entrust Certification Authority - L1M > Entrust Root Certification Authority - G2
  • www.boc.cn > Avast Web/Mail Shield Root

The certificate chain can be checked in the certificate details: Lock icon > Connection secure > More information > View Certificate. This opens an about:certificate page in a new browser tab. The page is divided into several tabs. The certificate chain is effectively the titles of these tabs from left to right. The tab titles are not selectable, but you can select and copy the same name from the Common Name field, see this picture.

Attaching your image to the post make viewing easier within the topic as my previous images.

I get essentially the same

Security > View Certificate.
b9987

Thank you. What about www.boc.cn/en?

I haven’t gone there again as my first visit images show the certificate for BOC.

That screenshot doesn’t show the certificate chain.

First I specifically haven’t gone there again as I really don’t like visiting Chinese sites to check them out - Secondly given my first image shows what I saw for BOC certificate - I feel that the More Details would reveal the same results I got for BOA.

I’m really not sure why it is that you are going in that direction.

Your Firefox seemingly shows the company name correctly for all websites. The more important one (from the two banks) is the one that doesn’t show the company name for me.

The certificate chain of Bank of China website on your computer is interesting for me, because I want to reveal more details for this bug. Does it have the Avast root certificate, and it shows the company name despite of that, or is the certificate chain unchanged by the antivirus – not exactly the same case.

So, would you please send that screenshot, like you did for Bank of America? This link leads to the English version: https://www.boc.cn/en.

Whilst it isn’t exactly the same, Issuer US DigiCert, Inc.

b9988

Thank you. Although the image is cropped: the 3rd certificate is not visible.

It turned out, that the company name is

  • sometimes shown, and
  • sometimes it isn’t (instead it gives the not recognized by Mozilla message),

while I didn’t change anything in the settings of Windows, Firefox or Avast antivirus.

Several websites are not recognized by Mozilla from time to time. I suggest to observe on HTTPS sites, what the lock icon says for a few days. It changes after computer restart, or after page refresh, or I don’t know when, but clearly it isn’t reliable. I think sooner or later you will also see the not recognized by Mozilla message. If you do, please let me know.

Currently Bank of China website works for me, and I cannot even make it be not recognized by Mozilla, no matter how hard I try (by e.g., refreshing the page, opening it in a Private Window, or restarting Firefox).

On the other hand, some pages, like Bank of America, seem to be impossible to show the not recognized by Mozilla message.

@DavidR, please try these 20 websites on your computer. To open them with a single command copy this to cmd.exe (for PowerShell you have to prepend an & before the line):

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.amazon.com/ https://www.youtube.com/ https://www.google.com/ https://www.apple.com/ https://www.usa.gov/ https://www.gov.uk/ https://www.ox.ac.uk/ https://www.nhs.uk/ https://www.nic.cz/ https://www.sport.cz/ https://www.super.cz/ https://www.dsl.sk/ https://www.cas.sk/ https://www.pravda.sk/ https://www.hs.fi/ https://www.telia.fi/ https://www.is.fi/ https://www.dmi.dk/ https://www.dbkk.dk/ https://www.krak.dk/

Check the Site information popup for each page. Please tell me, whether you have or haven’t seen the warning message.

For me some websites have the warning, some don’t have it. If I close all Firefox windows, and reopen these 20 websites, I usually get different results. I am curious, whether you experience the same.

Sorry, I’m going to have to bow out on this one.

My firefox has a lot of regularly open tabs and on my very old system RAM (particularly this) and CPU resources are at a premium. If I have my current 15 tabs and they are close to RAM limits at 81%.

This also gets up to high +90% at which point things are at a crawl pages not loading and firefox spinning its wheels. At that point I literally have to shut down other programs and cull some tabs to take it down to essential and restart the browser.

I see. :frowning:

Unfortunately so, my old laptop is showing its age.

I’m on the lookout for a new one. They are getting ridiculous, AI, this and that, a lot of other gubbins I don’t need.

Things I want, fast CPU and lots of RAM (future proofing it for a while), lots of connectivity ports and not just 1 or 2. I lave lots of stuff (technical term) hanging of my laptop, 2nd monitor, connection to my router, sound bar, printer, mouse. I have been considering a Mini PC, but not very portable having to also carry a monitor and keyboard. So a laptop is my preferred option

Buy a docking station too. If you often take the laptop with you, it’s essential, that you can unplug and plug all the devices easily.

I will post again on this topic, summarizing all the findings in one place. Please don’t reply to that. I hope to attract Avast employees’ attention. If you reply, I’m afraid they will think, that the issue is handled by others, and won’t even read it.

At least I want to make them know this. Reporting bugs isn’t possible in the free version of the antivirus. Thank you.

In Avast Free, go to Menu>About, you should see this to report feedback and bugs:
fbackfree

Indeed. Thank you.

Um, are you referring to cookies dialog?
for example: