HTTPS網站的憑證發行者,通常都是顯示該憑證的發行商,
但在某些網站查看憑證資訊時,發行者會變成Kapersky,在功能上沒影響,但不知為何會如此。
查了一下才發現,如果防毒軟體有啟用HTTPS的掃描檢查,防毒軟體就會安裝自己的憑證,以便檢查HTTPS傳輸。
如果把這個HTTPS加密傳輸的檢查關了,就不會有憑證發行者被換掉的狀況了。
卡巴斯基企業版的端點防護(KES)HTTPS加密傳輸掃描設定,是在一般設定中的網路設定裡,可以做啟用或關閉。
The issuer of an HTTPS website certificate typically displays the certificate's issuing authority. However, in some cases, when viewing the certificate information on certain websites, the issuer appears as "Kaspersky" instead. This does not affect the functionality of the certificate, but the reason behind this change is unclear.
Further investigation revealed that if antivirus software has enabled HTTPS scanning, it installs its own certificate to facilitate the scanning of HTTPS transmissions.
By disabling the inspection of encrypted HTTPS traffic, the situation of the certificate issuer being replaced can be avoided.
The setting for HTTPS encrypted transmission scanning in Kaspersky Endpoint Security (KES), the enterprise edition of Kaspersky, can be found in the general settings under network settings. It provides the option to enable or disable this feature.
沒有留言:
張貼留言