Website certificate problem detected by Kaspersky applications for Mac
This article concerns:
- Kaspersky Standard, Plus
- Kaspersky Internet Security for Mac
- Kaspersky Security Cloud for Mac — Family and Personal
When shopping online or using online banks or payment systems, you need additional protection to avoid data interception as it may result in financial losses.
The Safe Money component protects your online transactions. When you are trying to open a website that falls under the banking category, a Kaspersky solution opens it in a protected browser mode. In this mode, the Safe Money component verifies if the website is genuine and checks its certificate which is used for establishing a secure connection. The list of websites that are opened in the protected browser by default includes popular online banks, payment systems, and online stores. The list is updated during the database update.
If the site doesn't pass the check, you will get a notification about the certificate problem on this website. We do not recommend visiting such websites.
Possible causes of the certificate error
- The certificate has been revoked. The website owner can request revocation if the site was hacked.
- The certificate was issued illegally. The certificate must be issued by a certification authority after the check.
- The certificate chain is broken. The certificates are checked in a chain from the self-signed certificate to the trusted root certificate issued by the certification authority. The certificates in between are used for verification of other certificates in a chain.
Possible causes of the broken certificates chain:
- The chain consists of one self-signed certificate. Such certificates are not verified by the certification authority and cannot be trustworthy.
- The chain does not end with a trusted root certificate.
- The chain contains certificates which are not meant to sign other certificates.
- The root or intermediate certificate has expired or its time has not come yet. The certification authority issues a certificate for a limited period of time.
- The chain cannot be built.
- The domain specified in the certificate does not match the website to which the connection is established.
- The certificate is not meant to confirm the node authenticity. For example, the certificate is intended only for encrypting the connection between the user and the website.
- Usage policy violation. The policy of the certificate is a set of rules which defines the use of the certificate with the specific security requirements. Each certificate must correspond to at least one policy. If there are several policies, the certificate must correspond to all of them.
- Certificate structure is broken.
- An error has occurred when checking the certificate signature.
- If you are sure the website is safe, click I understand the risks and want to continue to proceed.
- If the warning about the certificate problem appears on the same website and prevents you from opening it, restart your macOS device and wait a few minutes before opening this website.