Getting invalid security certificate warning on known good webpage

[VinceL]

I have 9 PC's in my home. 7 are running Win7 64bit and 2 are running Win8.1 32bit. All PC's are running Bitdefender Antivirus Plus 2016. All of the PC's have the latest Win updates from Microsoft and Bitdefender updates.

On 1 computer, there is one (and only one) webpage that reports an invalid security certificate. I am having this problem using IE11 and using Chrome. Every time I try to access the webpage for Lionel trains support. Since I'm new on the forum, I can't post the actual link. Let's just say it has "lionelsupport" and "com." On this PC using IE11, I get a message "There is a problem with this website's security certificate." If I continue to the website and display certificate info, the certificate issuer is shown as: Untrusted Bitdefender CA. The valid dates are 8/21/2015 to 8/21/2018 and my computer has the correct date and time. On the Certification Path tab, it states: This certificate is OK.

I ran a repair on Bitdefender and that did not fix the problem. I completely uninstalled and then reinstalled Bitdefender, and I still have the same problem.

Given that I have completely uninstalled and reinstalled Bitdefender on this computer, and I have 8 other PC's also running Bitdefender that don't have this problem, I am thinking that this is a Windows problem.

I have searched and not been able to find any references to this type of problem. I'm hoping someone here may have some knowledge or experience with this type of problem.. I really don't want to have to do a complete Windows reinstall.

 

[Neemobeer]

Bitdefender does SSL scanning so it inserts it's own SSL certificate. It sounds like that cert might be missing from the Windows Cert store. You can fix this is a few ways.

1. Go into BitDefender and disable SSL scanning. (Less secure)
2. See if the Cert is in the install folder for Bit Defender and add it to the correct store
3. Look on a working computer and export the cert and copy and import to the malfunctioning computer

I would go with option 3 since you will also know which store to import it into.
On a working computer

• Press Windows key + r
• Type mmc
• Select File > Add/remove snap-ins
• Add Certificate >> Add >> Computer Account >> Local Computer
• It will probably be in Personal > Certificates or Trusted Root CA > Certificates
• Once you find it double click the certificate and go to the details tab
• Click Copy to File
• The DER... (.CER) file is fine
• Copy the file to your other computer
• Open the Certificate snap-in again on the target computer
• Expand the cert folder for example Personal > Certificates
• Right click Certificates and select Import... browse to the .CER file and import
• That should be it, you may need to reboot after

 

[VinceL]

Neemobeer, thanks for your suggestion.

Unfortunately, it did not work.

I successfully exported the certificate Bitdefender Personal CA Net-Defender from a PC that is not having the problem. I successfully imported the certificate on the PC having the problem. There was already a Bitdefender Personal CA Net-Defender certificate on the computer. So, now I have 2 with the only apparent difference being their expiration dates (1/28/2026 vs. 11/25/2025). I rebooted the PC and still have the problem.

Should I have deleted the certificate that was already on the problem PC? I wasn't comfortable doing that since it might create other problems. I figured having 2 of the same certificate wouldn't do any harm. Or, could the certificate that was already on the PC be corrupt?

 

[Neemobeer]

I would export the old one just so you have it before deleting it. I'm installing Bit Defender in a VM so I can get a better idea of the SSL scanning.


You can also go to the web site that is broken and click on the broken lock and details and see if there is a certificate chain and if there is a specific cert that is broken.

 

[VinceL]

Now this is weird...

I did some experimenting. First I tried adding the website to the Bitdefender Whitelist. I still had the problem. I removed it from the Whitelist and then disabled SSL scanning. No surprise...the website loaded with no problems. I re-enabled SSL scanning, and the website still came up with no problems.

I went back in to Bitdefender to make sure I had re-enabled SSL scanning. And, yes it was enabled. Just to be sure, I shut down the PC and restarted it. I checked Bitdefender and it shows SSL scanning is enabled. The website loaded with no problem.

Somehow, it appears that disabling and then re-enabling SSL scanning has solved the problem. It's a mystery to me, but I'm happy that the problem is gone.

Thanks for your help Neebobeer.