Jump to content
Enpass Discussion Forum

SSL certificate validation failed.


Recommended Posts

Hi. I've received a new laptop and for some reason I'm not able to activate Enpass. I'm getting "SSL certificate validation failed. Please try restarting Enpass". 

I've tried using the version from Microsoft store and also downloaded from Enpass directly. I've also tried to restore from Backup but nothing worked.

Any ideas?

Link to comment
Share on other sites

Hi @AJ_Enpass @LBrabham

Welcome to the Enpass Forums.

As suggested by @Samuela,  could you please check if you are using any network sniffing app? Getting "SSL certificate validation failed error" means you are running any Network sniffing tools ( ex: fiddler). That means, if any network sniffing tools are running in the background the following process will stop working:

  1. User will be unable to activate Enpass.

  2. If user has enabled "use Website icon" option from customized settings, then this error will occur.

Apart from this it will also impact below-mentioned functionalities -

  • “Check for update" process will not work

  • " Breached/2fA” items not fetched.

Link to comment
Share on other sites

Hi, 

it appears that my company has updated the Network sniffing tool (we have Zscaler)...Whilst it was no problem on my old laptop 2 years ago the security has been updated and with the latest version this got blocked. Once my IT guy uninstalled it temporarily and disconnected from any VPN I was able to activate and it's running fine now.

No issue installing the Network sniffing tool afterwards - I guess Enpass just needs to be activated.

Thx

AJ 

Link to comment
Share on other sites

  • 2 weeks later...

No, I'm pretty sure Enpass does hourly, daily and weekly phone-home calls that will fail due to the certs (unless your ZScaler skips the MITM operations on apps already installed.

 

SSL Pinning was only recently introduced in Enpass. It's a way requiring a specific certificate for TLS-encryption rather than any trusted certificate of the globally signed one's.

 

No more poking around what Enpass sends nor receives

Link to comment
Share on other sites

  • 2 months later...
  • 5 months later...
  • 5 weeks later...

Hi @Greg McGuffey

Encountering an "SSL certificate validation failed error" indicates the presence of network sniffing tools (e.g., Fiddler) in operation. It is advisable to reach out to your IT department and request a temporary deactivation of these tools. Once this step is completed, you can proceed to launch the Enpass app and subsequently reactivate the aforementioned tools

Link to comment
Share on other sites

Hi @Greg McGuffey

Certainly, it will encounter problems with the following aspects as well:

  • The "Check for update" process will not function.
  • Items labeled as "Breached/2fA" will not be retrieved.

In this scenario, regrettably, the only viable resolution would involve reaching out to your IT department when you intend to activate or update. Additionally, you can cross-check the version of the app you are currently using with the latest version accessible from here.

Link to comment
Share on other sites

Found this thread after having Enpass lock itself due to this.

This is not an acceptable solution. Your SSL verification check cannot be relied upon. To add further to this, I GET the verification email that the app is sending. However due to this flawed implementation, I am unable to enter the verification code I received. Asking people to "go ahead and get IT to disable network intercepts" every time users want to activate or update is bad.

I will be moving on and recommending other password managers if this isn't sorted out quickly.

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
On 8/18/2023 at 7:00 AM, Abhishek Dewan said:

Hi @Greg McGuffey

Certainly, it will encounter problems with the following aspects as well:

  • The "Check for update" process will not function.
  • Items labeled as "Breached/2fA" will not be retrieved.

In this scenario, regrettably, the only viable resolution would involve reaching out to your IT department when you intend to activate or update. Additionally, you can cross-check the version of the app you are currently using with the latest version accessible from here.

WIth all due respect Abhishek, No, that is not the only viable resolution. Enpass should offer (like other applications do) the ability for an end user to decide to bypass the SSL Validation Checks for when Enpass is communicating with your servers for purposes of Activation and Updates.

Larger corporations with extensive Firewall implementations often WILL NOT permit exceptions to their SSL "man in the middle" filtering of HTTPS/SSL traffic. It is their right and us as employees of said organization, to follow, their policy and intentions for doing so.

It's therefore incumbent on software application authorize to permit a user to bypass the app's validation check to enable it to function.

Enpass's reluctance to even address this as an issue is disappointing and unprofessional.

Link to comment
Share on other sites

5 hours ago, Darius said:

WIth all due respect Abhishek, No, that is not the only viable resolution. Enpass should offer (like other applications do) the ability for an end user to decide to bypass the SSL Validation Checks for when Enpass is communicating with your servers for purposes of Activation and Updates.

Larger corporations with extensive Firewall implementations often WILL NOT permit exceptions to their SSL "man in the middle" filtering of HTTPS/SSL traffic. It is their right and us as employees of said organization, to follow, their policy and intentions for doing so.

It's therefore incumbent on software application authorize to permit a user to bypass the app's validation check to enable it to function.

Enpass's reluctance to even address this as an issue is disappointing and unprofessional.

Enpass should just respect the OS' certificates. That would solve the issues. Even when it's using Fiddler (as an example, but I'm 99% sure that that is not being used in any of these cases).

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...

I'm getting this too right now. Guess what - I'm on a plane, on a 14h international flight, and paid for in-flight Wifi, which obvsiouly has strong security measures and sniffers, as expected!

According to the Enpass reps in this thread, I should go to the cockpit and ask the pilot to kindly switch off their network security measures. Brilliant!

That's not acceptable, and I'm perplexed at the replies from Enpass in this thread. Also unacceptable is the fact that a software which is advertized to work offline (as a big plus to differentiate it from the competition) now refuses to let me access my passwords because it decided to call home and considered it's better to shut down entirely and lock me out ... after paying for a license.

This isn't just unreliable, it's downright scary, and in this particular case absolutely detrimental. I guess it's my fault for using and trusting closed source software for mission critical activity. Seems like it's time to finally switch away from Enpass.

Enpass -- you should absolutely rethink your strategy and policy on this for those who still continue to use your product.

  • Thanks 2
  • Sad 1
Link to comment
Share on other sites

  • 4 weeks later...
  • 4 weeks later...
  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...