Today I got a call from an end user on Windows 10: when she accesses our web server's https site from a bookmark in the Firefox browser, she gets the following error:
www.example.com uses an invalid security certificate
The certificate is not trusted because no issuer chain was provided.
Error code: sec_error_unknown_issuer
After some struggle I found that the ESET antivirus program interferes with SSL/TLS communication. I disabled SSL/TLS protocol filtering in ESET following the official instructions: http://support.eset.com/kb3126/ After disabling SSL/TLS filtering in the antivirus, the Firefox browser can access the https site without any problem (there is nothing wrong with the certificate or the certificate chain).
It looks like the antivirus is trying to get inside the encrypted SSL/TLS traffic to find out whether there is some malicious program in it and, if there is, to block it.
What I would like to know is: how does the antivirus really intercept SSL/TLS traffic from a technical point of view?
a) Does it try to execute a MiTM attack on SSL/TLS?
b) Does it look for the Firefox browser process and look into its memory?
Something else? Some technical explanation would be great.
By the way, on this web server only port 443 with the https protocol is enabled; port 80 with the http protocol is disabled. Thanks
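
A check that separates a server-side chain problem from local re-signing, as an added example that is not part of the original post: it verifies the certificate a client received against the CA the server operator expects and prints the issuer that actually signed it. It assumes the filter acts as a local TLS proxy that re-signs connections with its own root, which the post suspects but does not confirm. The two CAs, the file names and the helper functions are constructed stand-ins; in practice the leaf would be the certificate exported from the browser's error page.

```shell
#!/bin/sh
# Constructed lab: two throwaway CAs stand in for the CA the site operator
# expects and for a local filter's root (an assumption, not from the post).

make_ca() {            # $1 = file stem, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_leaf() {         # $1 = CA file stem, $2 = leaf file stem
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.com" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

issuer_of() { openssl x509 -in "$1" -noout -issuer; }

# Succeeds only if leaf $2 chains to a CA in trust file $1.
# The output is matched because old openssl builds exit 0 on failure.
chains_to() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# "direct" if the received certificate chains to the expected CA,
# "re-signed" if something between client and server issued a new one.
classify() {           # $1 = expected CA file, $2 = certificate the client saw
  if chains_to "$1" "$2"; then echo direct; else echo re-signed; fi
}

lab=$(mktemp -d) && cd "$lab" || exit 1
make_ca site_ca "Constructed Site CA"
make_ca filter_ca "Constructed Filter Root"
issue_leaf site_ca seen_without_filter     # what the server really sends
issue_leaf filter_ca seen_with_filter      # same name, re-signed locally

for c in seen_without_filter seen_with_filter; do
  printf '%s: %s, %s\n' "$c" "$(classify site_ca.pem "$c.pem")" \
    "$(issuer_of "$c.pem")"
done
```

A certificate classified as re-signed still verifies in a trust store that contains the filter's root, so only clients whose store lacks that root report an unknown issuer.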