"Certificate verification problem detected" and "Cannot guarantee authenticity of the domain to which encrypted connection is established" messages in Kaspersky Free
Issue
When opening a website, a message appears stating that "Certificate verification problem detected" or "Authenticity of the domain to which encrypted connection is established cannot be guaranteed".
Cause
The website may not be safe. There is a possibility that intruders may steal your account data and other personal information. We do not recommend visiting such websites.
For detailed information about what can cause the message to appear, see the section below.
Solution
If you are sure the website is safe, click:
- Show details → I understand the risks and wish to continue:
-
- Continue:
-
-
If you want for the application to stop checking the website and showing warning messages, add the website to the list of exclusions:
- In the application main window, click
. - Go to the Network settings section and select Trusted addresses.
- Click Add and specify the website address from the "Certificate verification problem" message.
- Select Active in the status field and then click Add.
- Click Save.
- In the lower right corner, click Save → Yes.
The website will be excluded from the scanning list.
- In the application main window, click
Why does the warning message appear
- The certificate has been revoked. For example, the website owner can request revocation if the site was hacked.
- The certificate was issued illegally. The certificate must be issued by a certification authority after a proper check.
- The certificate chain is broken. The certificates are checked in a chain from the self-signed certificate to the trusted root certificate issued by the certification authority. The certificates in between are used for verification of other certificates in the chain.
Possible causes of the broken certificates chain:- The chain consists of one self-signed certificate. Such certificates are not verified by the certification authority and cannot be trustworthy.
- The chain does not end with a trusted root certificate.
- The chain contains certificates which are not meant to sign other certificates.
- The root or intermediate certificate has expired or its operation period has not begun yet. The certification authority issues a certificate for a limited period of time.
- The chain cannot be built.
- The domain specified in the certificate does not match the website to which the connection is established.
- The certificate is not meant to confirm the node authenticity. For example, the certificate is intended only for encrypting the connection between the user and the website.
- Certificate usage policy has been violated. The policy of the certificate is a set of rules which defines the use of the certificate with the specific security requirements. Each certificate must correspond to at least one policy. If there are several policies, the certificate must correspond to all of them.
- Certificate structure is broken.
- An error occurred when checking the certificate signature.
What to do if the message keeps reappearing
If you have already added the website to the list of exclusions but the warning message keeps reappearing, restart the Kaspersky application or restart your computer.
If the issue persists after the restart, try looking for a solution on our Community page or start a new topic with the detailed description of the issue and wait for other community members to comment on it.
