Firefox does not work correctly with KAV 2017
After installing KAV 2017 Firefox blocks many sites by unknown reasons, e.g. "your connection is not secure. The ownere of mykaspersky.comhas configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. The site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate." This happens with many other websites, e.g. Visa, Amex etc. Absolute nonsens. Solution known ?
الحل المُختار
WernerP said
After installing KAV 2017 I did what is recommended, I installed the certificate (Kaspersky).
And that did not work? If you did not remove the authority certificate for the old version of Kaspersky, please try that in addition to importing the new certificate. Here's how:
Open Firefox's Certificate Manager:
"3-bar" menu button (or Tools menu) > Options
In the left column, click Advanced
On the right side, make sure the Certificates mini-tab is selected and then click the View Certificates button
In the Certificate Manager dialog, click the "Authorities" mini-tab (not the Personal or Servers mini-tab, which might initially be displayed by default)
If you see an existing "Kaspersky Anti-Virus Personal Root Certificate"
- Select it and Click "Delete or Distrust" -- I'm not sure how to recognize the older vs. the newer one, but if you view the certificate, the newer one likely has a later expiration date
If you end up deleting all of them, you can re-import the newer one using the steps you used before.
If you can't find the newer certificate there, you could try importing it manually. These steps are from an older Kaspersky Forums post:
In the Certificate Manager, while viewing the Authorities tab, click "Import..."
Proceed to "C:\ProgramData\Kaspersky Lab\program-folder\Data\Cert\" either:
Windows XP: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP 17.00\Data\Cert
Later Windows: [To be determined]
Select "(fake)Kaspersky Anti-Virus Personal Root Certificate.cer" and Open! (This is the name the file had in the past. Has it changed?)
Set Firefox to trust that certificate for websites, and ignore the other two options.
Read this answer in context 👍 2All Replies (17)
hi WernerP, yes - please refer to the section about kaspersky at How to troubleshoot security error codes on secure websites
thanks a lot, philipp. But the link you sent me refers to KAV 2016, and this is working perfectly with Firefox. After installing KAV 2017 I did what is recommended, I installed the certificate (Kaspersky). I refuse to use the other - maybe - solution, because this would reduce my security. I think that the team of firefox makes too many updates and they are not on time with new software of Kaspersky. I am open to try other solutions, or to wait or to remove firefox
الحل المُختار
WernerP said
After installing KAV 2017 I did what is recommended, I installed the certificate (Kaspersky).
And that did not work? If you did not remove the authority certificate for the old version of Kaspersky, please try that in addition to importing the new certificate. Here's how:
Open Firefox's Certificate Manager:
"3-bar" menu button (or Tools menu) > Options
In the left column, click Advanced
On the right side, make sure the Certificates mini-tab is selected and then click the View Certificates button
In the Certificate Manager dialog, click the "Authorities" mini-tab (not the Personal or Servers mini-tab, which might initially be displayed by default)
If you see an existing "Kaspersky Anti-Virus Personal Root Certificate"
- Select it and Click "Delete or Distrust" -- I'm not sure how to recognize the older vs. the newer one, but if you view the certificate, the newer one likely has a later expiration date
If you end up deleting all of them, you can re-import the newer one using the steps you used before.
If you can't find the newer certificate there, you could try importing it manually. These steps are from an older Kaspersky Forums post:
In the Certificate Manager, while viewing the Authorities tab, click "Import..."
Proceed to "C:\ProgramData\Kaspersky Lab\program-folder\Data\Cert\" either:
Windows XP: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP 17.00\Data\Cert
Later Windows: [To be determined]
Select "(fake)Kaspersky Anti-Virus Personal Root Certificate.cer" and Open! (This is the name the file had in the past. Has it changed?)
Set Firefox to trust that certificate for websites, and ignore the other two options.
Modified
jscher2000 thank you very much for your advice. I will probably try it out. The core of the problem is that a user who works with browsers and AV software has to rely on those. More or less complicated solutions mean that the producers of these programs made something not perfect. For me, Kaspersky is more important that Firefox. therefore I am rather ready to remove firefox than Kaspersky. Well, I got also some advices from Kaspersky customer service, as soon as possible I will try out. For this, I have to make a system backup and if necessary a system recovery. I do not leave the trash of installations on my system. I will inform you about an success.
It is due to Kaspersky and other antivirus clients inserting its own certificate (that is set in client by default) in their attempts to try and keep you safe but instead is causing secure connection issues like this. This over the last couple years has been making people blame insert versions of Firefox when it really was not a Firefox problem on Windows.
james, your answer is interesting but not a solution for me. If in the future Firefox will not cooperate with kaspersky, I will never quit Kaspersky, in my opinion the best AV software worldwide, but firefox
here you can read how the feature of the in your opinion "best AV software worldwide" that breaks firefox makes you actually less secure: https://blog.hboeck.de/archives/869-How-Kaspersky-makes-you-vulnerable-to-the-FREAK-attack-and-other-ways-Antivirus-software-lowers-your-HTTPS-security.html
philipp, my object is not a discussion about Kaspersky, especially not using a blog of a German user. Thanks for your understanding
http://www.securityweek.com/antivirus-software-has-negative-impact-https-security-researcher
Point is Kaspersky is the cause of the secure connection issues and can make you vulnerable if you have the feature enabled.
james, your posting is not helpful for my question. I did not post it for a discussion about Kaspersky. BTW: I know Norton, I know Mc Afee and I prefer Kaspersky. Hopefully your answer is not part of the cold war opened by some politicians to slander Russian enterprises.
jscher200, I am sorry to inform you that your advises refer to an older version of Kaspersky.
WernerP said
jscher200, I am sorry to inform you that your advises refer to an older version of Kaspersky.
I'm not going to buy Kaspersky to learn the old certificate name and new folder path, so I asked you to help us with that information. If you cannot, please try Kaspersky's forums.
Well, I did not find a folder in Kaspersky Lab with certificates. I am sorry for not being helpful. Of course I am in contact with Kaspersky support. Thank you anyway
jscher2000, your first advice was correct. To import manually the Kaspersky certificate is the solution. Thanks a lot !
Hi WernerP, where did you find the certificate in the new version? Or did you need to either export it from IE or download it from Kaspersky?
jscher2000, the certificate is found in documents and settings/all users/application data/Kaspersky Lab/AVP 17.00/Data/Cert
Thanks, I'll add that to my earlier post!