Protection against untrusted certificates

Many sites use certificates that are given out by authoritative, trusted organizations to protect against phishing. A certificate contains an open key used to encrypt data that the user sends to the site over an HTTPS connection. The trusted certificate center confirms that the open key used during encryption really does belong to the site owner.

Classic Yandex.Browser checks site certificates. If there is any doubt about a certificate's authenticity, the browser will warn you.

If the certificate author is unknown

In this case, it's not clear if the certificate was installed by the site administrator or hackers, and you will see the following warning:

You can decide to either not visit the site, or enter the certificate in your list of trusted ones. The certificate will remain in the list for 30 days, after which you will have to once again confirm its trustworthiness.

Attention. Only click Trust this certificate when you know the certificate is reliable. Otherwise hackers can get access to your personal information!

If you aren't sure of the certificate's trustworthiness, but you want to visit the site, take the following security measures:

  • For home computers. Update your antivirus and scan your computer for malware. If your antivirus discovers and deletes a certificate that was installed by hackers, you will no longer see a warning in your browser. If your antivirus didn't delete a suspicious certificate, then it can be deleted using Windows. Be careful; if the certificate was installed by a legitimate program (rather than malware), then deleting it may adversely affect your system.
  • For work computers. Contact your system administrator to delete a suspicious certificate. They will delete any certificates they didn't install. If the certificate was installed by your administrator for security reasons, you can click Trust this certificate. Keep in mind, however, that the system administrator can view your personal information and electronic payments.

If the certificate was installed using special software

Antiviruses, ad blockers, site-monitoring programs, and analogous special programs can substitute their own certificates for those of the website (in order to decrypt traffic). However, if special software is used to substitute a certificate, the following potential dangers can occur:

  • People you don't know (developers of special software) may be privy to your information.
  • The certificate may have been installed by malware pretending to be a special program. As of now, browsers have no way of being completely certain that a certificate installed by special software is authentic.

Classic Yandex.Browser warns you about these problems:

To visit a site:

  1. Find out what program replaced the certificate. This information can be found by clicking the corresponding link on the warning page.
  2. Decide if you are prepared to trust the certificate preparer with your personal information:
    • If you are ready, click Trust this certificate.
    • If you aren't ready, disable HTTPS-connection checking in the program. You can use the program instructions:
      • Kaspersky Lab antivirus
      • ESET NOD32
      • AdGuard (in addition to the AdGuard program, there is an extension of the same name that doesn't create its own certificates, so you don't need to disable anything for it).
      Attention. If you disable HTTPS checks, it doesn't mean you're unprotected. Yandex.Browser runs its own security checks on your downloading files, blocks malicious pages and banners, and uses advanced protection for bank and payment-system pages.

      If the browser continues to warn you about a suspicious certificate even after disabling HTTPS checks, and you don't need the program that installed the certificate, try temporarily closing that program.