ProTip for Web Gateway: How to fix an issue when the Verify Common Name rule set is bypassed during Certificate Verification

Version 1

    The default SSL Scanner policy in McAfee Web Gateway (MWG) 7.6.1/7.5.2.6 has introduced two new rules (Verify Safe Signature Algorithms and Block unsafe Signature Algorithms) for Certificate Verification. The rule Verify Safe Signature Algorithms stops the rule set and the Verify Common Name rule set is bypassed.

    Find out how to troubleshoot this issue in KB87130:  https://kc.mcafee.com/corporate/index?page=content&id=KB87130


    The advice in KB87130 refers to the following versions when using the default SSL Scanner rule set from the embedded rule set library: MWG 7.5.2.6, 7.5.2.7, 7.6.1.x.