Why is https://www.auskec.kr/ flagged by BD as unsafe?

DIVERSE
DIVERSE ✭✭✭
edited January 17 in General Topics

At https://www.auskec.kr/ (in Opera, on Windows) I get

~~~~~

Web Protection by

Bitdefender

Suspicious page blocked for your protection

https://www.auskec.kr/

Your connection to this web page is not safe due to an untrusted security certificate.

Phishing sites often use fake certificates that trigger this alert, and their goal is to obtain your sensitive information.

TAKE ME BACK TO SAFETY

I understand the risks, take me there anyway

If you know this page is not dangerous, you can add it to your Exceptions list of trusted websites. Be aware that you will not be warned about any threats existing on this page.

~~~~~

However, based on my basic knowledge of certificate problems, it doesn't seem to be an issue of the certificate being missing, nor with wrong dates, nor with wrong URL/domain. In fact, the certificate even seems to be issued by BitDefender. Or maybe the data are in the wrong fields; e.g. "www.auskec.kr" is stored in "Certificate Subject Alternative Name". Or maybe just something else wrong/missing.

If I ignore the BD warning, then Opera says the "connection is secure" and the "certificate is valid". Although there's still some problem, as I don't see any content. (The site content comes up OK through regular HTTP though.)

Why is that so?

Answers

  • DIVERSE
    DIVERSE ✭✭✭

    OK, from @Flexx's advice in another post I went to https://www.sslshopper.com/ssl-checker.html#hostname=https://www.auskec.kr , which reports two warnings (not errors).

    ~~~~~

    The certificate is self-signed. Users will receive a warning when accessing this site unless the certificate is manually added as a trusted certificate to their web browser. You can fix this error by buying a trusted SSL certificate

     None of the common names in the certificate match the name that was entered (www.auskec.kr). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.

    ~~~~~

    So when I browsed the certificate I read

    "Issued by [...] Bitdefender"

    But it seems I was supposed to read on to spot the problem?

    "Issued by [...] Bitdefender Personal CA.Net-Defender".


    FWIW, VirusTotal yields a 100% clean result for the website.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Here's a breakdown of the issues and potential solutions:

    1. Self-Signed Certificate:

    • Meaning: The website is using a certificate that wasn't issued by a trusted Certificate Authority (CA). Browsers often flag this as a potential security concern.
    • Solutions:
      • Purchase a trusted SSL certificate: This is the recommended approach for public websites. It ensures browser trust and enhances security.
      • Manually add the certificate as trusted: This is a workaround for controlled environments where users can be instructed to add the certificate. However, it's less secure and can create inconvenience for users.

    2. Name Mismatch Error:

    • Meaning: The domain name you entered (www.auskec.kr) doesn't match any of the names listed in the certificate. This can cause browser errors and security warnings.
    • Solution:
      • Obtain a certificate with the correct domain name: Ensure the certificate includes "www.auskec.kr" in its Common Name (CN) or Subject Alternative Name (SAN) fields.
      • Alternatively: If you have control over the server, access its configuration and update the domain name to match the one in the certificate.

    Regards

    Life happens, Coffee helps!

    Bitdefender Ultimate Security Plus (user)

  • DIVERSE
    DIVERSE ✭✭✭


    Just for clarity, that's not a website that I manage. (But I have been trying to encourage them to use HTTPS.)

    In any case, is "Subject Alternative Name" different from "Certificate Subject Alternative Name" under Extensions (see screenshot)? If they're the same, then it seems like it may be merely some slight syntax problem in what's entered.


    Unless the problem is that they have entered conflicting data in the Subject's "Common Name" and "Alternative Name". Or is it literally OK to have any arbitrary thing in one of them, as long as the other one is specified correctly?