Using version 14.9 (updated this morning). While trying to get some websites, I’m getting a Chrome message that the connection isn’t private. Seems that the website certificate is signed by Avast untrusted CA, a certificate that expired in 2020… Checked Key Manager, there is an Avast trusted CA that is trusted and unexpired (which I expected to be the CA signing the MitM certs).
Not seeing this on all sites, just on some very specific (and not very popular sites)
Hello,
When we do a MitM, we do a verification of web pages against Apple’s system cert store (similarly like Safari does it). If we find out that a specific certificate is trusted, we generate a certificate signed by Avast Trusted CA; if the certificate is untrusted, we generate one signed by Avast Untrusted CA which is intentionally not in key manager (as we want it to be untrusted).
Please can you test these pages with Safari without Web Shield active? The result of cert verification should be the same, but you should be able to see the exact error. Or if the page is otherwise ok, can you please send me affected pages to ondrej.kolacek at avast.com?
Kind regards,
Ondrej Kolacek
I have this issue since a while for all my local development websites.
I use Mamp self signed certificate but if Https scan is enabled there is no way to load it on Safari (and chrome warns you about the connection)
There’s any way to set them as secure ?
Is there a way to use wildcards for URL exceptions ?
Hello,
I have tested mamp pro generated ssl certificate (just the newly generated blank page) and for me it works fine, since Avast does not intercept local connections. But if your configuration makes it to do so, there are two possible avenues to try:
try copying MAMP_PRO_Root_CA cert from login keychain to system keychain
https exceptions should work; they are for the whole domain, eg. for url “mytest.local/wordpress/index.html” add “mytest.local” as https exception
Kind regards,
Ondrej Kolacek