Kaspersky Fraud Prevention 4.0 for Endpoint

Causes of an invalid certificate when checking a website certificate by Kaspersky Fraud Prevention 4.0 for Endpoint

Back to "Safe Money"

Kaspersky Fraud Prevention 4.0 for Endpoint verifies authenticity of websites by ensuring that the digital certificate that is used to establish a secure connection corresponds to the address of the requested website.

During a certificate check, the following message may appear: "The certificate obtained when establishing secure connection does not match the original certificate". The reasons to an invalid certificate might be the following:

• Revoked certificate:
  • Certificate or its signature is revoked.
  • Failed to check the revocation status.
• Fake certificate:
  • The certificate is subscribed illegally.
• Certificate chain is broken:
  • The chain consists of one self-signed certificate.
  • The chain does not end with a trusted root certificate.
  • The chain contains certificates which are not meant to sign other certificates.
  • Root or intermediate certificate has expired or its time has not come yet.
  • The chain was not built.
• The domain specified in the certificate does not match the website to which the connection is established.
• Detected certificate usage violations:
  • The certificate is not meant to confirm the node authenticity.
  • Usage policies violation.
• Certificate time violation.
  • Action time has expired.
  • Action time has not come yet.
• Certificate structure is broken:
  • The structure is damaged.
  • Signature checking error.

If such a notification is displayed, the Kaspersky Lab specialists do not recommend to continue working with the website.

If the notification appears in Mozilla Firefox, try another browser (for example, Internet Explorer).

Back to "Safe Money"