AJ_Enpass Posted October 25, 2022 Report Share Posted October 25, 2022 Hi. I've received a new laptop and for some reason I'm not able to activate Enpass. I'm getting "SSL certificate validation failed. Please try restarting Enpass". I've tried using the version from Microsoft store and also downloaded from Enpass directly. I've also tried to restore from Backup but nothing worked. Any ideas? Link to comment Share on other sites More sharing options...
LBrabham Posted October 26, 2022 Report Share Posted October 26, 2022 Same issue here. Following. Link to comment Share on other sites More sharing options...
Samuela Posted October 27, 2022 Report Share Posted October 27, 2022 Have you guys running any network sniffing app? If yes, please close the app and then register Enpass app. 1 Link to comment Share on other sites More sharing options...
Abhishek Dewan Posted October 27, 2022 Report Share Posted October 27, 2022 Hi @AJ_Enpass @LBrabham Welcome to the Enpass Forums. As suggested by @Samuela, could you please check if you are using any network sniffing app? Getting "SSL certificate validation failed error" means you are running any Network sniffing tools ( ex: fiddler). That means, if any network sniffing tools are running in the background the following process will stop working: User will be unable to activate Enpass. If user has enabled "use Website icon" option from customized settings, then this error will occur. Apart from this it will also impact below-mentioned functionalities - “Check for update" process will not work " Breached/2fA” items not fetched. Link to comment Share on other sites More sharing options...
AJ_Enpass Posted October 27, 2022 Author Report Share Posted October 27, 2022 Hi, it appears that my company has updated the Network sniffing tool (we have Zscaler)...Whilst it was no problem on my old laptop 2 years ago the security has been updated and with the latest version this got blocked. Once my IT guy uninstalled it temporarily and disconnected from any VPN I was able to activate and it's running fine now. No issue installing the Network sniffing tool afterwards - I guess Enpass just needs to be activated. Thx AJ Link to comment Share on other sites More sharing options...
Ivarson Posted November 8, 2022 Report Share Posted November 8, 2022 No, I'm pretty sure Enpass does hourly, daily and weekly phone-home calls that will fail due to the certs (unless your ZScaler skips the MITM operations on apps already installed. SSL Pinning was only recently introduced in Enpass. It's a way requiring a specific certificate for TLS-encryption rather than any trusted certificate of the globally signed one's. No more poking around what Enpass sends nor receives Link to comment Share on other sites More sharing options...
ARBoomer2 Posted February 7, 2023 Report Share Posted February 7, 2023 I'm having the same issue and I'm not able to disable, etc. zScaler and the other things IT has placed on my device. What is the work-around here to activate Enpass? Link to comment Share on other sites More sharing options...
Abhishek Dewan Posted February 8, 2023 Report Share Posted February 8, 2023 Hi @ARBoomer2 Getting an "SSL certificate validation failed error" means you are running any Network sniffing tools ( ex: fiddler). I would recommend getting in touch with your IT department and asking them to disable these tools temporarily. Once done, you can activate the Enpass app and enable the tools again. Link to comment Share on other sites More sharing options...
MacLitze Posted July 17, 2023 Report Share Posted July 17, 2023 Hello, when I want to register my Enpass version I get the following error message: SSL certification validation failed. Please try restarting Enpass. A restart does not bring any improvement! What can I do? Thanks Kay Link to comment Share on other sites More sharing options...
Ivarson Posted July 17, 2023 Report Share Posted July 17, 2023 I'd say either your time on the device is off, or your network has SSL inspection. Link to comment Share on other sites More sharing options...
Abhishek Dewan Posted July 18, 2023 Report Share Posted July 18, 2023 Hi @MacLitze Getting "SSL certificate validation failed error" means you are running any Network sniffing tools ( ex: fiddler). Kindly check the below forum as I feel it would be helpful in this case and the same is being discussed there - Link to comment Share on other sites More sharing options...
Greg McGuffey Posted August 16, 2023 Report Share Posted August 16, 2023 How do we update then? Seems like there needs to be another way to deal with this. I can't be contacting my IT every time I need an update. Link to comment Share on other sites More sharing options...
Abhishek Dewan Posted August 17, 2023 Report Share Posted August 17, 2023 Hi @Greg McGuffey Encountering an "SSL certificate validation failed error" indicates the presence of network sniffing tools (e.g., Fiddler) in operation. It is advisable to reach out to your IT department and request a temporary deactivation of these tools. Once this step is completed, you can proceed to launch the Enpass app and subsequently reactivate the aforementioned tools Link to comment Share on other sites More sharing options...
Greg McGuffey Posted August 17, 2023 Report Share Posted August 17, 2023 Our company uses ZScalar, so that is the cause. Will this not cause any issue with updates? It seems to. When I use the Check for Updates, it fails also. As is how can update the app or know that that it needs updating? Link to comment Share on other sites More sharing options...
Abhishek Dewan Posted August 18, 2023 Report Share Posted August 18, 2023 Hi @Greg McGuffey Certainly, it will encounter problems with the following aspects as well: The "Check for update" process will not function. Items labeled as "Breached/2fA" will not be retrieved. In this scenario, regrettably, the only viable resolution would involve reaching out to your IT department when you intend to activate or update. Additionally, you can cross-check the version of the app you are currently using with the latest version accessible from here. Link to comment Share on other sites More sharing options...
atbigelow Posted August 24, 2023 Report Share Posted August 24, 2023 Found this thread after having Enpass lock itself due to this. This is not an acceptable solution. Your SSL verification check cannot be relied upon. To add further to this, I GET the verification email that the app is sending. However due to this flawed implementation, I am unable to enter the verification code I received. Asking people to "go ahead and get IT to disable network intercepts" every time users want to activate or update is bad. I will be moving on and recommending other password managers if this isn't sorted out quickly. Link to comment Share on other sites More sharing options...
rvs007 Posted August 31, 2023 Report Share Posted August 31, 2023 Likewise... it's stupid that you can't turn off this check and allow your software to be validated. If a customer paid for a license, why prevent them from validating the copy? 1 Link to comment Share on other sites More sharing options...
toodooleedoo Posted September 1, 2023 Report Share Posted September 1, 2023 Got the message after updating mac to 13.4 no network sniffers or anything but I do have zScaler. Unable to access my passwords now Link to comment Share on other sites More sharing options...
toodooleedoo Posted September 12, 2023 Report Share Posted September 12, 2023 Came back hoping this would have been addressed or at least a better update from Enpass sounds like I just need to manually move over to something else (can't get signed in to even export) 1 Link to comment Share on other sites More sharing options...
Darius Posted September 24, 2023 Report Share Posted September 24, 2023 On 8/18/2023 at 7:00 AM, Abhishek Dewan said: Hi @Greg McGuffey Certainly, it will encounter problems with the following aspects as well: The "Check for update" process will not function. Items labeled as "Breached/2fA" will not be retrieved. In this scenario, regrettably, the only viable resolution would involve reaching out to your IT department when you intend to activate or update. Additionally, you can cross-check the version of the app you are currently using with the latest version accessible from here. WIth all due respect Abhishek, No, that is not the only viable resolution. Enpass should offer (like other applications do) the ability for an end user to decide to bypass the SSL Validation Checks for when Enpass is communicating with your servers for purposes of Activation and Updates. Larger corporations with extensive Firewall implementations often WILL NOT permit exceptions to their SSL "man in the middle" filtering of HTTPS/SSL traffic. It is their right and us as employees of said organization, to follow, their policy and intentions for doing so. It's therefore incumbent on software application authorize to permit a user to bypass the app's validation check to enable it to function. Enpass's reluctance to even address this as an issue is disappointing and unprofessional. Link to comment Share on other sites More sharing options...
MoonRaven Posted September 24, 2023 Report Share Posted September 24, 2023 5 hours ago, Darius said: WIth all due respect Abhishek, No, that is not the only viable resolution. Enpass should offer (like other applications do) the ability for an end user to decide to bypass the SSL Validation Checks for when Enpass is communicating with your servers for purposes of Activation and Updates. Larger corporations with extensive Firewall implementations often WILL NOT permit exceptions to their SSL "man in the middle" filtering of HTTPS/SSL traffic. It is their right and us as employees of said organization, to follow, their policy and intentions for doing so. It's therefore incumbent on software application authorize to permit a user to bypass the app's validation check to enable it to function. Enpass's reluctance to even address this as an issue is disappointing and unprofessional. Enpass should just respect the OS' certificates. That would solve the issues. Even when it's using Fiddler (as an example, but I'm 99% sure that that is not being used in any of these cases). 1 Link to comment Share on other sites More sharing options...
johnq Posted October 9, 2023 Report Share Posted October 9, 2023 I'm getting this too right now. Guess what - I'm on a plane, on a 14h international flight, and paid for in-flight Wifi, which obvsiouly has strong security measures and sniffers, as expected! According to the Enpass reps in this thread, I should go to the cockpit and ask the pilot to kindly switch off their network security measures. Brilliant! That's not acceptable, and I'm perplexed at the replies from Enpass in this thread. Also unacceptable is the fact that a software which is advertized to work offline (as a big plus to differentiate it from the competition) now refuses to let me access my passwords because it decided to call home and considered it's better to shut down entirely and lock me out ... after paying for a license. This isn't just unreliable, it's downright scary, and in this particular case absolutely detrimental. I guess it's my fault for using and trusting closed source software for mission critical activity. Seems like it's time to finally switch away from Enpass. Enpass -- you should absolutely rethink your strategy and policy on this for those who still continue to use your product. 2 1 Link to comment Share on other sites More sharing options...
Louis-Arnaud Posted November 7, 2023 Report Share Posted November 7, 2023 Same here... Can't access enpass on my company laptop. Hopefully I was able to register it (don't know how), so I can access and save new password in google chrome, but not possible to open the app (to change the configuration or update). Please Enpass, do something ! Link to comment Share on other sites More sharing options...
breadjamez Posted December 1, 2023 Report Share Posted December 1, 2023 SSL Pinning was only recently introduced in Enpass. It's a way requiring a specific certificate for TLS-encryption rather than any trusted certificate of the globally signed one's. Link to comment Share on other sites More sharing options...
cuco Posted December 20, 2023 Report Share Posted December 20, 2023 I am having the same issue. We are using Zscaler at work. Everything worked fine since last week. And now im am getting this SSL message and I can't access my vault. Pleas update something here! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now