Although the certificate of OVH provider is valid, it expires in 2018, avast warns me that the certificate is revoked and blocked access to the page.
Both the official website, ovh.com, ovh.it and their support forum is locked because of the revoked certificate.
Attach image with a warning that I will appear in the bottom right.
Avast version: 12.3.2280
Virus definition: 161013-1
Vianello_85
There seems to be a problem in the detection of the certificate.
Multiple people have reported it with various sites.
You can test things here > https://www.ssllabs.com/ssltest/
There WAS a problem with GlobalSign certificates, wrongfully revoked:
(But Avast didn’t update this information yet !!!)
Read this: https://www.globalsign.com/en/customer-revocation-error/
Also at their Facebook page: https://www.facebook.com/GlobalSignSSL/posts/1385175904850597
avast hasn’t got to do any updates at all as it isn’t avast that is issuing those certificates or install them on the troubled servers.
However, in the meantime, GlobalSign will be providing an alternative issuing CA for customers to use instead, issued by a different root which was not affected by the cross that was revoked
We are currently working on the detailed instructions to help you resolve the issue and will communicate those instruction to you shortly
I’m having trouble with certificates accessing my hotmail account using POP3, avast claims the cert. is revoked. Could it be related?
If they are using a certificate from Globalsign it is almost certain it is.
You can check who the issuer is with https://www.ssllabs.com/ssltest/
thx!
Edit: I got “assessment failed: Unable to connect to the server”, for pop3.live.com , same result for pop-mail.outlook.com.
(no surprise there, since pop3.live.com is an alias)
I believe there’s nothing the users can do to fix this, except wait, right?
BTW, If I uninstall avast, then I can access the server normally, no errors and mails go in and out as usual.
Finally, If I click on the “view” button on the window that pops up when I try to access my hotmail account using Thunderbird, I can see the certificate, is -in fact- issued by Globalsign.
Edit: Clearing the certificate cache doesn’t fix it.
Indeed, users that are visiting https websites that are using one of the affected certificates from Globalsign can’t do anything to prevent the message from showing up.
Only the owners of the servers that are using those certificates can do something about it.
Removing avast will (ofcourse) prevent the message being showed, but that means sites that are using a certificate that really is revoked are not being blocked and that is a security risk.
Within 4-7 days everything should be fine again.
Avast Web and Mail Shields use Windows API for verifying certificates, so this description should solve the issue with blocking by avast:
https://support.globalsign.com/customer/portal/articles/1353318
OVH has opened a ticket about the problem with certificates, suggesting the procedure that you have already indicated
http://travaux.ovh.net/?do=details&id=20791&PHPSESSID=cd39ce7f150566f4e1eeee0afedf8061
Like I said, clearing the certificate cache, as described in that globalsign article didn’t solve anything.
Luckily, Hotmail is working fine again as of today.
I gave the following commands as an administrator in the dos prompt
certutil -urlcache * delete
certutil -urlcache crl delete
but he not totally solved my problem, now ovh.com opens, but not ovh.it
Vianello_85
As stated on the Globalsign website, it can take a couple of days before all affected sites are working without a problem again.
As regards the problem with OVH, the problem is solved
Ciao!
Vianello_85