philhippus

Scan Ssl Blocks My Root Certificate.

4 posts in this topic

On Windows, I have imported a certificate into the Trusted Root store on the local machine. When Bitdefender is not set to "Scan SSL", the browser works perfectly to validate my signed certificates. When Scan SSL is on, the certs are flagged as untrusted by the operating system.

This can only mean that Bitdefender has caused my OS to use a different CTL than the default. How can Bitdefender accept the trusted root certificates that I import myself?

Share this post


Link to post
Share on other sites

Hello :)

Welcome to the forums!

Could you please post here your website so we can further investigate this issue?

Thank you!

Share this post


Link to post
Share on other sites

Hello,

The problem is not with a particular website. I have looked into it a bit further. When I import my own trusted root certificate into the Windows certificate store, Bitdefender (with 'Scan SSL' set to 'on') is intercepting my certs and altering them based on its own CTL. This altered cert is then rejected by my OS.

There needs to be a way to manually add a trusted root cert to the Bitdefender CTL, without digging into BD's component files, or BD should use the OS certificate store for validation.

Edit: I should point out I am using my own SSL filtering HTTP proxy that generates signed certs on the fly, alongside BD. In order to get full functionality I have to turn off Scan SSL.

Edited by philhippus

Share this post


Link to post
Share on other sites

Hello :)

Some services or websites do not support SSL scanning.

In this situation, we recommend you to turn off the feature when visiting one of those websites.

Take care.

Share this post


Link to post
Share on other sites