[KB6672] Certificate notifications in ESET Windows home products (15.x – 16.x)



SSL/TLS protocol filtering and Root Certificates

SSL/TLS protocol filtering allows ESET Windows home products to scan for threats in communications that use the SSL/TLS protocols. SSL/TLS protocol filtering is enabled by default in all ESET Windows home products, starting with version 10 and later. We recommend that you keep this setting enabled to ensure that your ESET security product provides you with the maximum level of protection. To disable or re-enable SSL/TLS protocol filtering for troubleshooting purposes, visit our Knowledgebase article.

When SSL/TLS protocol filtering is enabled, your ESET security product adds our Root Certificate to your local machine. The ESET Root Certificate is trusted and valid and it allows your product to scan SSL traffic to verify if other certificates are also trusted and valid. If your product detects an untrusted or invalid certificate, we will alert you with one of several notifications. Click the notifications below for more information.

ESET certificate notifications

"Website certificate revoked"—This notification alerts you that the security certificate for a website is expired or the security certificate has been revoked by the issuing Certificate Authority (CA), or that the issuing CA itself has been revoked.

Figure 1-1

"Encrypted network traffic: Untrusted certificate"—This notification alerts you that a certain application is trying to communicate over a channel encrypted with an untrusted certificate. You may also receive this notification when an ad with an invalid certificate tries to load on a website.

Figure 1-2

Certificate validity of websites

If a website has one or more certificates, the administrator and/or owner of that website should ensure that all of its certificates are valid. When ESET alerts you about an invalid certificate on a website, it is up to the website to correct the issue. ESET is not responsible and cannot resolve these types of issues.

"Activation failed" during ESET installation/ Error code: ECP.20031—This notification alerts you that outdated or insufficient security certificates were encountered during installation of your ESET security product. 

Figure 1-3

Non-ESET certificate notifications

"Connection is untrusted" or "sec_error_reused_issuer_and_serial" — These notifications come from your browser rather than your ESET security product. Verify that you have SSL/TLS protocol filtering enabled in your security product.