... | ... | @@ -4,6 +4,6 @@ |
|
|
|
|
|
**Question:** I've installed the DNSSEC/TLSA Validator extension into **Firefox on Windows**. The DNSSEC-related part of the extension seems to work well. The key icon usually becomes green on domains secured with DNSSEC. But the padlock icon seem not to work. Either it is saying that there is no TLSA record or it becomes red and the description text says that the certificate does not match the TLSA record.
|
|
|
|
|
|
**Answer:** In most cases this behaviour is caused by an antivirus messing with the HTTPS communication with the server. Many of the today's antivirus programmes, such as Avast and others, have components that interfere with the HTTPS communication. They try to behave as a man in the middle and scan the communication for malicious content. Because the browser would normally complain about such interference the antivirus has to act as a HTTPS server and needs to provide its own server certificate. This certificate naturally does not match the TLSA record.
|
|
|
**Answer:** In most cases this behaviour is caused by an antivirus messing with the HTTPS communication. Many of the today's antivirus programmes, such as Avast and others, have components that interfere with the HTTPS communication. They try to behave as a man in the middle and scan the communication for malicious content (and maybe collecting statistical and doing lots of other stuff). Because the browser would normally complain about such interference the antivirus has to act as a HTTPS server/proxy and needs to provide its own server certificate. This certificate naturally does not match the TLSA record.
|
|
|
|
|
|
Check the information about the page certificate - it should be obvious that the certificate is related to your antivirus programme (AV). Go into the settings of your antivirus and disable HTPPS testing (or how it is called in your AV). This should fix your problem. |
|
|
\ No newline at end of file |
|
|
Check the information about the page certificate - it should be obvious that the certificate is related to your antivirus programme. Go into the settings of your antivirus and disable HTPPS testing (or how it is called in your antivirus). This should fix your problem. If you can't find any such settings then try deinstalling the antivirus from the system to see whether the problem is caused by the antivirus. If you are sure that it is then contact the support of your antivirus programme. |
|
|
\ No newline at end of file |