Making an untrustworthy website trustworthy?

I need to be able to access a BT Business Hub from my home pc which has Kaspersky Internet Security installed.

When I attempt to log into the device connected to the BT Business Hub, I get:-

Visiting an untrustworthy website has been prevented

One or more of this website's certificates are invalid, so we can't guarantee its authenticity. This happens when the website's owner hasn't updated the certificate in time, or if it's a fake site created by scammers. Visiting a website like this makes you more vulnerable to attack.

You were protected from visiting this website by Kaspersky security. You can close this window with no risk.

Hide details
Detected at: 24/11/2021 11:50:48
URL: xxx.xxx.xxx.xxx

Reason: This certificate or the certificate chain is built on an untrusted root center.
View certificate

I understand the risks and wish to continue

For the last few months I have been taking the "wish to continue"option, but would prefer to access without doing this.

Could this be related to the fact that the address for the BT Hub begins https:// since I note that I can access my own website which begins http:// without intervention from Kaspersky?

Thanks.

Cheers!

You are getting one of the reasons I gave up with third party security products. They stop you making your own choices.

https means use a "secure connection" and the technology is TLS (Transport Layer Security); which replaced 10 years ago the SSL (secure sockets layer) technology you may still hear.

TLS uses digital certificates to identify that the server you connected to is operated by a known entity. e.g. if you visit BBC news, or Google, or Microsoft you will find a padlock somewhere in the browser and you can see the certificate. This also means that anything you type is protected between you and the website server.

The BT router is doing the right thing in using HTTPS as many web browser (e.g. Chrome) complain when you visit sites that are not secure/encrypted.

However the Kaspersky software does not trust the certificate from not being tampered, and has decided this is a problem. It has not allowed for the need to access websites on your own network. The BT organisation can't afford to buy digital certs from a standard supply for all 5million+ customers.

I would think about disabling this check in Kaspersky if you can.

In reply to a post by Ancient_Mariner:

URL: xxx.xxx.xxx.xxx

Is this the IP address of your router, somethingl like like https://192.168.1.1? Or some other device on your network - if so, what sort of device is it?

In reply to a post by Ancient_Mariner:

For the last few months I have been taking the "wish to continue"option, but would prefer to access without doing this.

That's what you have to do, if you're accessing "secure" (https) sites whose certificates can't be validated. The browser itself would also give a similar error, even without Kaspersky (although usually it remembers your choice for the future)

In reply to a post by Ancient_Mariner:

Could this be related to the fact that the address for the BT Hub begins https:// since I note that I can access my own website which begins http:// without intervention from Kaspersky?

If your own site is, say, www.example.com, and it has a certificate signed by a known certificate authority (e.g. because you paid for a certificate or because it has a Letsencrypt certificate), then it will work fine.

Unfortunately, this is not something that can be done for sites without real domain names, which are accessed by IP address only. Nor can it be done easily for sites which are reached on private IP addresses like 192.168.x.x

(I'm not saying impossible, but if you don't know how, then you really don't want to know)

In reply to a post by candlerb:

(I'm not saying impossible, but if you don't know how, then you really don't want to know)

Yep it's a ball ache.

The address URL: xxx.xxx.xxx.xxx is the static IP address of a BT Business Hub located in our village hall. There is also a port number following this which gives access to a Building Management System for heating control from the comfort of my home pc and trusted others.

Whilst I can access the Hub and BMS, our Secretary's pc's anti-virus simply blocks access altogether with no obvious by-pass. Hence looking for a better way.

Cheers!

In reply to a post by Ancient_Mariner:

Hence looking for a better way.

My advice, ditch Kaspersky. Its interfering in things that don’t concern it.

Agree and web browsers already have a UX for invalid certificate warnings so I don't see much gain in Kaspersky layering its own dialog in front of us, especially if it imposes a maximum time limit before showing the warning again (instead of "allow and remember").

Perhaps for managed installations there is a way to tell Kaspersky to ignore "intranet" sites or consult some other whitelist (such as via SCCM or Group Policy).
but I have no idea if that is built-into the retail version.

Having read the thread it would seem two options are suitable.

Spend some budget to hire an IT Engineer to get your existing setup working.
Buy suitable hardware for inbound traffic which can auto renew Let's Encrypt.

In reply to a post by jchamier:

In reply to a post by Ancient_Mariner:

Hence looking for a better way.

My advice, ditch Kaspersky. Its interfering in things that don’t concern it.

I don't think I have had the problem since I started using Malwarebytes which is free from a particular bank's website after one logs in.

In reply to a post by jchamier:

In reply to a post by Ancient_Mariner:

Hence looking for a better way.

My advice, ditch Kaspersky. Its interfering in things that don’t concern it.

That may be the way for me to go. Kaspersky Internet Security has for the last few years flagged up every email from RS Components as well.

My licence for Kaspersky Internet Security expires in 55 days, so I might as well try their Kaspersky Security Cloud Free - which is just Anti Virus and see how that performs. A lot of the bells and whistles of KIS I don't use or don't need (hopefully).

Cheers!