• Register

I'm getting an error with Avast SSL on my Chrome browser

0 votes
10,692 views
How do I solve the error message 'avast! Web/Mail Shield Root' that I'm getting in my Chrome browser?
asked Jan 27, 2015 in SSL Certificates by bobbyjoe (160 points)
    
You also be aware that Avast! is acting as a man-in-middle actor. You may want this or not but at least be aware of what is going on http://security.stackexchange.com/questions/73476/why-is-avast-web-mail-shield-root-listed-as-ca-for-google-com

1 Answer

0 votes
Please verify that the version of Avast that you are using is up-to-date. Avast 2015 uses HTTPS scanning to secure your computer. This process involves installing a Trusted CA Root to your computer and then generating security certificates from that Root, based on the actual certificates on the website.  That is to say the certificate matches the expiration date of the original SSL.  In this manner, Avast is able to scan your HTTPS content prior to it reaching your computer.

 

The problem comes from beta versions of the software that create the locally-generated security certificate using the sha1 algorythm.  Additionaly, there is a rule in Chrome that automatically distrusts any website that uses sha1 past January 1, 2017.  So when you use the older version of Avast and visit a website with a certificate that expires after January 1, 2017, the older version of Avast will create a sha1 certificate for the website that triggers the Chrome rule.  Hence, your website is "untrusted" in Chrome.

 

I've spoken to Avast technical support and they assure me that the current versions of the software issue the replacement certificates using the SHA256 algorythm, which should prevent the error from occurring.

 

TL;DR:  Update your Avast software.
answered Jan 27, 2015 by TomZ. (1,090 points)

Related questions

0 votes
2 answers 485 views
485 views asked Jan 26, 2015 in SSL Certificates by bobbyjoe (160 points)
0 votes
1 answer 14,690 views
0 votes
1 answer 2,209 views
...