Protection from untrusted certificates

Yandex Browser for Mobile checks site certificates. The browser warns you if there are issues with a website's security certificate and it cannot provide secure data encryption.

  1. Why websites need a certificate
  2. What makes an untrusted certificate dangerous
  3. Blocked websites with untrusted certificates
  4. Reasons for blocking

Why websites need a certificate

Your personal data and payment information should be protected when you send them to a website. Websites use the HTTPS protocol for a secure connection. The protocol activates an asymmetric encryption algorithm, where data is encrypted with a public key and decrypted with a private key. For each session, the browser regenerates the private key and transmits it to the website with the necessary precautions to prevent theft.

However, if you end up on a phishing website, it might get the private key and then decrypt your data. To protect against phishing, websites use digital certificates issued by special certification authorities. The certificate guarantees that the encryption keys actually belong to the website owner.

What makes an untrusted certificate dangerous

You may end up on a phishing website, or your data will not get the necessary protection on the original website (for example, if the website's certificate has expired). As a result, hackers can:

  • Intercept or replace your personal data and read your correspondence.
  • Get your payment data (card number, cardholder's name, expiry date and CVV2) and use it to steal money from your account.

Blocked websites with untrusted certificates

If a website can't guarantee secure data encryption because of certificate issues, you'll see in the SmartBox. The site won't load, and the page will display a message saying that a secure connection couldn't be established. In this case, you can decide to either not visit the site, or to add the certificate to your list of trusted ones.

To open the website, tap Continue in the window that opens.

Reasons for blocking

Yandex Browser blocks websites that have the following certificate problems:

The certificate authority is unknown

The certificate might have been installed by a hacker or special software. Ad blockers and similar applications may replace website certificates with their own certificates. If the certificate was installed by an application, you need to find that application and disable HTTPS checking in it.

You can also decide to trust your data to such a certificate, but be aware of two potential dangers:

  • Your data may become available to unknown application developers.
  • The certificate may be installed by malware pretending to be the application. Browsers do not have the ability to verify the authenticity of certificates installed by special applications.

Incorrect site address

The website's security certificate belongs to another website. The server may be just incorrectly configured, but it's possible that you have ended up on a phishing website. If this is the case, hackers can intercept your data.

Self-signed certificate

The site certificate is issued by the site itself, rather than by a certification authority. To learn more, see Self-signed certificate. Malware or hackers can intercept your data.

Untrusted root certificate

The authority that signed the certificate is not trusted. Malware or hackers can intercept your data. To learn more about root certificates, see Root certificate.

The certificate has expired

The data that is sent will not be encrypted, which means that hackers can intercept it.

Certificate has been revoked

The site's certificate was compromised and revoked. The data that is sent will not be encrypted, which means that hackers can intercept it.

Outdated encryption

The server uses an outdated, unreliable encryption algorithm. Hackers can intercept your data.

Ciphers are not supported

An HTTPS connection can't be established because the website uses ciphers not supported by the browser. The data that is sent will not be encrypted, which means that hackers can intercept it.

The certificate key does not match the pinned key

The certificate key does not match the pinned website key. Hackers may try to replace the root certificate. Then they can intercept your data. To learn more about pinning (linking) a key, see HTTP Public Key Pinning.

Data could not be encrypted over HSTS
The browser could not enable encryption and broke the connection. The server where the website is located normally uses encryption, since the HSTS protocol is enabled on it. Lack of encryption may be a sign of a hacker attack. In this case, hackers or malware can intercept your data.
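
Three of the checks listed above (incorrect site address, self-signed certificate, expired certificate), sketched as an added example that is not Yandex Browser's code. It works on constructed certificate dictionaries in the format Python's `ssl.SSLSocket.getpeercert()` returns, and assumes that issuer equal to subject means self-signed (a simplification: a real check verifies the signature); chain trust, revocation and pinning are left out.

```python
import ssl
from datetime import datetime, timezone

def _dns_names(cert):
    """DNS entries of the subjectAltName extension, lower-cased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def _host_matches(pattern, host):
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p_labels, h_labels = pattern.split("."), host.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # refuse wildcards that would cover a whole TLD, such as "*.org"
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def classify(cert, host, now):
    """Return the page's blocking reasons that apply to this certificate."""
    reasons = []
    if not any(_host_matches(p, host) for p in _dns_names(cert)):
        reasons.append("Incorrect site address")
    # Assumption: issuer == subject is treated as self-signed.
    if cert["issuer"] == cert["subject"]:
        reasons.append("Self-signed certificate")
    if now.timestamp() > ssl.cert_time_to_seconds(cert["notAfter"]):
        reasons.append("The certificate has expired")
    return reasons

# Constructed sample certificates (not taken from any real site).
SITE = ((("commonName", "example.org"),),)
CA_SIGNED = {
    "subject": SITE,
    "issuer": ((("commonName", "Constructed Test CA"),),),
    "notAfter": "Dec 31 23:59:59 2030 GMT",
    "subjectAltName": (("DNS", "example.org"), ("DNS", "*.example.org")),
}
SELF_SIGNED_EXPIRED = {
    "subject": SITE,
    "issuer": SITE,
    "notAfter": "Jan 15 00:00:00 2020 GMT",
    "subjectAltName": (("DNS", "example.org"),),
}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for repeatable output

if __name__ == "__main__":
    for cert, host in [(CA_SIGNED, "www.example.org"), (CA_SIGNED, "example.net"),
                       (SELF_SIGNED_EXPIRED, "example.org")]:
        print(host, classify(cert, host, NOW) or "no problems found")
```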
