Invalid Security Certificate Error when using Kaspersky, AVAST, or other Security Apps

Follow

Overview

If you use anti-virus software, you may see an error message about an invalid security certificate when you're setting up an account or when you're fetching mail from an account.

The issue is with an anti-virus setting that scans connections that use the SSL security protocol. Since SSL provides a secure connection, this feature offers extra protection for connections that should already be secure. 

Solution for Kaspersky

Kaspersky will scan encrypted connections, including IMAP/SMTP over SSL between Postbox and your mail servers. Kaspersky will intercept your mail connections, inject itself between Postbox and your mail server, and use its own certificates to protect the "last mile" of your connectivity. This will cause Postbox to complain about invalid certificates.

Option 1

You can accept Kaspersky’s SSL certificate as valid by adding the certificate to the list of exceptions in Postbox. Kaspersky will be scanning your mail on their own servers and so you can take advantage of the full scope of functionality of the Kaspersky security software without restrictions

Postbox_settings_confirm_exception-1.png

Option 2

Deactivate the mail intercept in Kaspersky Internet Security 2018 by editing its settings. Start Kaspersky Internet Security, click on the Settings icon located at the bottom of the application window. In the section Additional of the Settings window, click on Network. Scroll down to the section "Encrypted connections scanning," activate "Always scan encrypted connections" and click on "Manage exclusions…"

settings_additional_network.png

In the following dialog, click on Add. Enter the hostname as it appears in the certificate details section under Common Name. Set the status to "Active" and confirm. Now return to the Network Ports dialog, which is still open. Make sure you keep the option "Monitor all network ports for applications that are vulnerable to network attacks" activated. Confirm by closing the window. Done.

manage_exclusions_done.png

Finally, restart Postbox.

Solution for Avast

To solve the invalid certificate issue:

  1. Launch Avast.
  2. Click SETTINGS, and then select the Active Protection tab.
  3. Click Mail Shield's Customize button to display the SSL Scanning window.
  4. Uncheck Scan SSL connections.
  5. Exit Avast.

Some customers report that they've been able to add IMAP servers to NOT scan, which could also solve the problem.

A Postbox customer using Avast also shares the following:

  • Export the Mail Shield certificate from Avast Antivirus 
  • Open the Avast user interface and click ☰ Menu ▸ Settings. 
  • Select General from the left panel, then click Troubleshooting ▸ Open old settings. 
  • Select Components from the left panel, then click Customize in the Mail Shield panel. 
    Select SSL scanning from the left panel and ensure the box next to Scan SSL connections is ticked, then click Export certificate. 
  • Select a location to save the exported Mail Shield certificate (for example, your Windows Desktop) and click Save. 
  • Click OK in the Avast Information dialog. 
  • Import the Mail Shield certificate into Postbox.
Was this article helpful?
3 out of 5 found this helpful