How do I "toggle off SSL Scan" in TS 2018?


Bitdefender total Security 2018 substitutes it's HTTP Strict Transport Security (HTTPS) certificate (Bitdefender Personal CA.Net-Defender) in a way that Firefox does not accept for many, many websites (startpage/ixquick, mozilla, finance.yahoo, reddit, etc., etc., etc).  It gives the following error: 


SEC_ERROR_UNKNOWN_ISSUER


Sometimes Firefox does not allow a security exception, sometimes the exception button is there but it will not confirm/allow the exception. 


The Mozilla help/support suggested solution is to toggle off SSL Scan" which I am willing to do as I also run MalwareBytes Anti-ransomware beta, HitmanPro and Zemana.  But I do not find a way to toggle off SSL Scan in total Security 2018.  I did toggle off "Advanced Threat Defense" but it did not resolve the problem. I did white list www.ixquick.com and www.startpage.com in "Web Protection" but that did not work either ( I did not try to white list all the many, many other blocked websites.)


Firefox is the only browser affected.  Pale Moon, Commodo Ice Dragon, (both Mozilla/Firefox based) Chrome, Maxthon all continue to work on the blocked websites.


Any help would be highly appreciated.

Comments


  • As long as you understand the consequences of this use change you can find it here:

    Bitdefender > Protection {B shield icon) > View Features > Web Protection > Settings (gear icon) > Scan SSL: (set of off)


    I am using Bitdefender Total Security 2018 v22.0.10.131 (clean install, not upgrade), use Firefox 55.0.3 (64-bit). have SSL scanning enabled, and am not having this issue. I went to https://www.ixquick.com/ with no issue. I use the Firefox SSLeuth add-on and can verify that Firefox is using the Bitdefender created personal certificate.


    Firefox uses its own certificate store, while Chrome/Internet Explorer/Edge use the WIndows certificate store. Can you check that the Bitdefender personal certificate is installed in the Firefox certificate store? Go to Firefox > Tools > Options > Advanced > Certificates > View Certificates > Authorities tab. Look for "Bitdefender Personal CA.Net-Defender (Software Security Device)". You can click the certificate, then View, and check that:

    * The certificate uses contains: SSL Certificate Authority

    * The certificate period of validity covers current time period



  • 5 hours ago, netmon said:



    As long as you understand the consequences of this use change you can find it here:

    Bitdefender > Protection {B shield icon) > View Features > Web Protection > Settings (gear icon) > Scan SSL: (set of off)


    I am using Bitdefender Total Security 2018 v22.0.10.131 (clean install, not upgrade), use Firefox 55.0.3 (64-bit). have SSL scanning enabled, and am not having this issue. I went to https://www.ixquick.com/ with no issue. I use the Firefox SSLeuth add-on and can verify that Firefox is using the Bitdefender created personal certificate.


    Firefox uses its own certificate store, while Chrome/Internet Explorer/Edge use the WIndows certificate store. Can you check that the Bitdefender personal certificate is installed in the Firefox certificate store? Go to Firefox > Tools > Options > Advanced > Certificates > View Certificates > Authorities tab. Look for "Bitdefender Personal CA.Net-Defender (Software Security Device)". You can click the certificate, then View, and check that:

    * The certificate uses contains: SSL Certificate Authority

    * The certificate period of validity covers current time period



    Thanks for your help.


    Everything was working great (including Firefox) until Bitdefender updated me from the 2017 total Security version version to 2018.  Then Sandboxie would not start up.  I uninstalled BD TS and Sandboxie worked.   I had thoroughly uninstalled BD  TS using Revo Uninstaller Pro.  I had problems reinstaller BD TS from BD Central but after using the unisntall and cleaning tool and cleaning my registry and making exceptions for the BD TS install file in MalwareBytes Anti-ransomware Beta, HitmanPro and Zemana I got it to install, butthen fire would not connect to certain websites.


    I would like Scan SSL to be on in BD TS.


    I looked at the "view certificates" for Firefox and there is no entry for Bitdefender.  There is also no entry for BD in the Pale Moon and Commodo ice Dragon "view certificates.


    I searched some more and found I should be able to import a BD certificate from mitm_cache in the Bitdefender Security folder, but I do not know how to do this.  I do see some files there labeled "fake-ca.*"  so I will need to research how to import A certificate safely.



  • 1 hour ago, Tambourineman said:



    So I will need to research how to import A certificate safely.



    Maybe this post about importing Firefox certificates by Bitdefender technical support will help?

    /index.php?/topic/76696-safepay-doesnt-work-with-all-browsers-except-ie/&do=embed&comment=273507&embedComment=273507&embedDo=findComment" style="height:251px;max-width:502px;">


     



  • 9 hours ago, netmon said:



    Maybe this post about importing Firefox certificates by Bitdefender technical support will help?

    /index.php?/topic/76696-safepay-doesnt-work-with-all-browsers-except-ie/&do=embed&comment=273507&embedComment=273507&embedDo=findComment" style="height:251px;max-width:502px;">


     



    I imported (or tried to - see below) the fake-ca.crt.  I am not sure why a presumably valid certificate is named "fake" but whatever.  I checked all the boxes and did not get an error message.  but that did not resolve the problem. 


    When I went back to view certificates again Bitdefender was still not listed so I am not sure I successfully imported it.


  • I have imported other (non-BItdefender) certificates into Firefox before using that process and it worked or gave me an error if the certificate was bad.


    I'm just guessing but one option could be one of your other security tools is blocking the certificate installation. That would be a reasonable measure considering how sensitive the certificate store is. Did you get any error messages, events, or other indications that the certificate import did not work in Windows or any security tool? Can you temporarily disable them during the certificate import?


    Again guessing, but another other option is your Firefox cert database is corrupt. This link explains how to reset the Firefox certificate store (note: you will lose any installed non-standard certificates or host specific certificate exceptions). Basic process: exit Firefox, rename cert8.db to cert8.db.old (in case you want to revert back), restart Firefox (should automatically re-create cert8.db), manually import certificate: reset certificate settings



  • 21 hours ago, netmon said:



    I have imported other (non-BItdefender) certificates into Firefox before using that process and it worked or gave me an error if the certificate was bad.


    I'm just guessing but one option could be one of your other security tools is blocking the certificate installation. That would be a reasonable measure considering how sensitive the certificate store is. Did you get any error messages, events, or other indications that the certificate import did not work in Windows or any security tool? Can you temporarily disable them during the certificate import?


    Again guessing, but another other option is your Firefox cert database is corrupt. This link explains how to reset the Firefox certificate store (note: you will lose any installed non-standard certificates or host specific certificate exceptions). Basic process: exit Firefox, rename cert8.db to cert8.db.old (in case you want to revert back), restart Firefox (should automatically re-create cert8.db), manually import certificate: reset certificate settings



    Wow!  Whew!  That worked!  It imported and shows in the list.  And, I can view HTTPS websites.  Thank you so much.