This problem is still not resolved. With Avast configured normally (i.e. with web shield activated) most web pages cannot be accessed from Firefox 39.0. Attempting to do so (e.g. attempting to log into gmail) results in the error message below.
My setup details:
MacPro, Mac OS X 10.6.8
Avast 2015, version 10.14(44414), virus definitions 15082404, web shield 0/596
No other anti-malware software installed
Firefox 39.0, no extensions, OpenH264 1.4, and Shockwave Flash 18.0.0.209 plugins active
ERROR MESSAGE:
This Connection is Untrusted
You have asked Firefox to connect securely to mail.google.com, but we can’t confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site’s identity can’t be verified.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn’t continue.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.
Technical Details
mail.google.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.
(Error code: sec_error_unknown_issuer)
There were suggestions that disabling https scanning is a workaround for this problem. However, it seems to me that this is not good practice; certainly not a permanent solution.
Some months back, there was an exchange on the "Avast Free/Pro/IS/Premier forum as follows:
PCPhanatic1414
Re: Websites not being trusted with avast 2015, any suggestions ?
« Reply #11 on: November 11, 2014, 05:35:56 PM »
I’m seeing the same error message (sec_error_unknown_issuer) on Firefox 33.1 using Avast Internet 2015.10.0.2208 on ALL https sites and discovered a workaround that MAY be the intended mode of operation:
I exported the Avast Mail Shield SSL certificate, imported it into the Firefox certification authorities, and then edited the trust settings of the cert to allow it to “identify web sites.”
If I keep Avast HTTPS scanning enabled but then disable the trust of the imported “Avast! Web/Mail Shield Root” cert, I can always replicate the Firefox error message on HTTPS sites.
I checked the Chrome Browser and see no error messages when going to HTTPS sites. However, I noted that Chrome already has the Avast! Root cert in it’s collection. I didn’t deliberately import it, so perhaps Avast inserted it correctly in Chrome but not in Firefox?
lukor
Re: Websites not being trusted with avast 2015, any suggestions ?
« Reply #12 on: November 11, 2014, 07:03:46 PM »
Hi,
the way how HTTPS scanning works absolutely requires every browser to have our certificate in its trusted list ( yes it is this one: “Avast! Web/Mail Shield Root” )
So the fix, you’ve just performed is completely correct and the resulting state is exactly how it should be.
For chrome/IE we insert the certificate into the system store - that’s why it works. For firefox, we insert the certificate into the firefox private store during the start of the browsers.
So the problem here is why it fails on your PC.
L.
I’ve spent some time looking for this “Avast! Web/Mail Shield Root” certificate, unsuccessfully. Would someone please provide step-by-step instructions as to how to perform this procedure?
Sorry for the long message,