When using Kaspersky Anti-Virus Personal Root Certificate, can you view the website's certificate?
When using Kaspersky Anti-Virus Personal Root Certificate, can you view the website's certificate?
... is it possible to view the SSL certificate for the website itself?
You should be able to, but you have to do it outside the browser. For example, here's Google using OpenSSL's s_client
:
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com | openssl x509 -text -noout
...
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3497310530607939837 (0x3088f165e61e80fd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Feb 11 11:17:05 2016 GMT
Not After : May 11 00:00:00 2016 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d4:90:20:6e:c9:e9:f7:1b:ce:57:59:b3:ee:45:
13:e1:e0:d1:7d:68:b2:05:69:c0:e1:0d:77:2c:89:
10:ea:b4:0a:d9:d5:5b:8d:a9:ac:9a:98:2b:b6:33:
1d:ba:53:8b:e0:1a:df:d9:01:fe:83:24:3f:6d:af:
0a:4b:c5:e0:de:75:7e:76:81:19:e0:c4:a8:ae:1f:
09:21:40:31:43:a7:52:d7:53:9c:f2:69:cc:2f:78:
ef:39:d8:ad:d4:b2:4b:7d:8c:c5:70:8b:90:c7:48:
f9:57:c2:69:85:b9:ba:4b:cb:17:f4:b1:1a:a9:e6:
50:60:ca:78:5a:7a:16:91:44:a9:56:4e:59:0f:93:
0d:23:a1:53:3c:5b:47:38:9d:76:ff:f7:b2:c2:ce:
fd:09:d7:49:48:5e:39:fb:71:e8:b8:90:59:44:ed:
85:14:15:a1:4b:67:a7:66:40:3b:04:58:0a:6c:06:
aa:df:71:f2:02:74:82:14:ad:4c:98:5a:09:53:82:
1e:40:2b:36:78:7e:31:8e:36:20:c5:c8:59:9a:dd:
8b:8e:24:2b:9e:8d:4f:94:d6:6b:0d:a2:7e:5e:a4:
7d:14:ac:c0:8a:17:5c:7a:c8:00:46:9c:24:75:50:
a5:be:ec:51:d1:60:99:2f:6d:94:17:77:ce:63:09:
01:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:www.google.com
Authority Information Access:
CA Issuers - URI:http://pki.google.com/GIAG2.crt
OCSP - URI:http://clients1.google.com/ocsp
X509v3 Subject Key Identifier:
4F:C7:02:93:EC:46:43:9C:34:43:03:3E:CB:18:CB:4E:7A:B4:0E:DE
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.11129.2.5.1
Policy: 2.23.140.1.2.2
X509v3 CRL Distribution Points:
Full Name:
URI:http://pki.google.com/GIAG2.crl
Signature Algorithm: sha256WithRSAEncryption
19:5a:93:63:e9:3b:8a:f2:80:01:70:a9:02:8a:51:84:23:3b:
94:77:9b:4a:e1:38:d4:a1:8c:51:1d:67:79:a1:03:b5:1f:0d:
c7:77:d8:52:64:92:55:77:c0:d9:0e:1c:6a:ff:f2:a9:56:04:
66:90:66:ca:e1:21:4a:45:cd:06:09:64:23:58:75:3f:84:23:
7b:d1:c9:bb:d8:b2:d0:4f:f2:4a:09:9d:6e:cf:14:2a:8b:8e:
52:f7:a6:8b:16:14:bc:13:71:e7:b0:50:e8:a0:04:c0:c7:c6:
89:13:67:19:a0:41:da:99:83:48:bb:ed:e3:f5:b4:29:bf:bc:
2b:95:2c:3b:54:ca:cf:5a:df:00:51:47:2d:cd:5a:7d:fb:e0:
15:bf:34:9e:a0:8b:ff:ba:80:57:e0:d3:c5:71:12:df:48:49:
98:13:d1:95:ef:68:b4:f4:50:77:0e:51:3e:98:e5:8f:31:57:
a4:6a:8f:73:0b:9d:b4:ec:db:4d:04:c2:6a:ad:ec:5c:ac:02:
3a:0a:c1:96:f3:2a:53:02:f3:7a:19:94:17:80:ff:0f:4e:5d:
19:f4:b9:18:ba:89:dd:62:5d:01:39:da:4a:28:f8:32:39:84:
69:ef:5d:3b:5c:d0:9d:38:10:30:93:7b:2c:ee:0b:a2:9f:e5:
17:0c:cf:81
You can clear the verify error:num=20:unable to get local issuer certificate issue using the -CAfile
option:
$ openssl s_client -connect www.google.com:443 -tls1 -servername www.google.com -CAfile GeoTrust-Root.pem
user3169
Updated on September 18, 2022Comments
-
user3169 over 1 year
Use of Kaspersky Anti-Virus Personal Root Certificate with Firefox is discussed in this post, Which CA issued certificate for https://www.google.com.
My question is (other than for google.com) is it possible to view the SSL certificate for the website itself?
I don't want to disable this function, but as far as I can tell you can only view the Kaspersky Root Certificate.-
Ramhound about 8 yearsNo; Because the certificate used isn't the real certificate. It is the Kaspersky certificate. "I don't want to disable this function, but as far as I can tell you can only view the Kaspersky Root Certificate." - You should it breaks HTTPS.
-
user3169 about 8 yearsSo only the Kaspersky certificate is used between my browser and the target website?
-
Ramhound about 8 yearsCorrect; Hence the reason the feature breaks HTTPS.
-