Do Not Replace Valid Certificates With Untrusted Bitdefender Ca

If Scan SSL is turned on, but BitDefender is unable to scan the stream, then it replaces the site's certificate with Untrusted BitDefender CA, even if the site's certificate is 100% valid.


Do I have that right? If so, it's an enormous problem. In fact, it's an outright design flaw. Chrome and Firefox now check those certificates and make the user jump through painful hoops because BitDefender's replacement CA is invalid.


Give the user an option to replace the certificate with Untrusted BitDefender CA if they want. But the default action must be to leave all valid certificates as they are. By all means flag an unreadable SSL stream somewhere on the browser window with a warning, but do not replace a valid certificate.

Comments

  • "Amen" to that.


    Have a great day.


    Regards,


    -Phil

  • If Scan SSL is turned on, but BitDefender is unable to scan the stream, then it replaces the site's certificate with Untrusted BitDefender CA, even if the site's certificate is 100% valid.


    Do I have that right? If so, it's an enormous problem. In fact, it's an outright design flaw. Chrome and Firefox now check those certificates and make the user jump through painful hoops because BitDefender's replacement CA is invalid.


    Give the user an option to replace the certificate with Untrusted BitDefender CA if they want. But the default action must be to leave all valid certificates as they are. By all means flag an unreadable SSL stream somewhere on the browser window with a warning, but do not replace a valid certificate.


    I don't know if you're right but we have to disable SSL checking in bitdefender for each installation because users are unable to check their email in Outlook, live, etc...