Can anyone explain what all the Certificate Unresolvable are and how they are getting logged?
I can't find anything in the SSL Scanner rule set that is incrementing the counter.
is this bad?
In my quick testing, "unresolvable" was returned when I disabled blocking of "self-signed" certs (as an example).
So I would guess that this means the Web Gateway was not able to determine if the certificate was valid. A self-signed certificate, a unknown root ca, or incomplete path could be one of the reasons for seeing this.
In this thread, I created a ruleset which logs all blocks recorded by SSL scanner:
This was then turned into a ruleset in the online ruleset library:
You could log these incidents then perhaps correlate them to the spikes if you wanted.