jont717
Level 12

Certificate Unresolvable - SSL Scanner rule set

Can anyone explain what all the Certificate Unresolvable are and how they are getting logged?

I can't find anything in the SSL Scanner rule set that is incrementing the counter.

Is this bad?


0 Kudos
2 Replies
c-lang3
Level 7

Re: Certificate Unresolvable - SSL Scanner rule set

I'm trying to determine this as well. Did you by chance get clarification on what the "unresolvable" represents?

0 Kudos
McAfee Employee

Re: Certificate Unresolvable - SSL Scanner rule set

In my quick testing, "unresolvable" was returned when I disabled blocking of "self-signed" certs (as an example).

So I would guess that this means the Web Gateway was not able to determine if the certificate was valid. A self-signed certificate, an unknown root CA, or an incomplete path could be one of the reasons for seeing this.

In this thread, I created a ruleset which logs all blocks recorded by SSL scanner:

https://community.mcafee.com/message/242800#242800

This was then turned into a ruleset in the online ruleset library:

https://contentsecurity.mcafee.com/ruleset_library?q=50035

You could log these incidents then perhaps correlate them to the spikes if you wanted.

Best,

Jon

0 Kudos
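
The three causes guessed at in the reply above, as an added illustration that is not part of the thread and is not McAfee Web Gateway's own logic: a simplified path builder that links certificates by subject/issuer name only (no signature, validity or revocation checks). The `Cert` type, `classify_chain` function and all certificate names are constructed for this example.

```python
from typing import Iterable, NamedTuple, Set


class Cert(NamedTuple):
    subject: str
    issuer: str


def classify_chain(leaf: Cert, presented: Iterable[Cert],
                   trusted_roots: Set[str]) -> str:
    """Say whether a path from leaf to a trusted root can be built, and if not, why.

    presented     -- other certificates sent by the server (intermediates, roots)
    trusted_roots -- subject names held in the local trust store
    """
    by_subject = {c.subject: c for c in presented}
    current, seen = leaf, set()
    while current.subject not in seen:      # guard against issuer loops
        seen.add(current.subject)
        if current.issuer == current.subject:
            # Self-issued certificate: this is the top of the chain.
            if current.subject in trusted_roots:
                return "trusted"
            return "self-signed" if current is leaf else "unknown root CA"
        if current.issuer in trusted_roots:
            return "trusted"                # root is local, need not be sent
        if current.issuer not in by_subject:
            return "incomplete path"        # issuer neither sent nor trusted
        current = by_subject[current.issuer]
    return "incomplete path"


# Constructed sample data.
TRUST_STORE = {"CN=Example Root CA"}
PUBLIC_INT = Cert("CN=Example Issuing CA", "CN=Example Root CA")
PUBLIC_LEAF = Cert("CN=www.example.test", "CN=Example Issuing CA")
APPLIANCE = Cert("CN=appliance.example.test", "CN=appliance.example.test")
PRIVATE_ROOT = Cert("CN=Private Root", "CN=Private Root")
PRIVATE_INT = Cert("CN=Private Issuing CA", "CN=Private Root")
PRIVATE_LEAF = Cert("CN=intranet.example.test", "CN=Private Issuing CA")

if __name__ == "__main__":
    cases = [
        ("full chain", PUBLIC_LEAF, [PUBLIC_INT]),
        ("missing intermediate", PUBLIC_LEAF, []),
        ("self-signed leaf", APPLIANCE, []),
        ("private PKI", PRIVATE_LEAF, [PRIVATE_INT, PRIVATE_ROOT]),
    ]
    for name, leaf, sent in cases:
        print(f"{name}: {classify_chain(leaf, sent, TRUST_STORE)}")
```

When a server omits both the intermediate and the root of a private PKI, the result is "incomplete path" rather than "unknown root CA", since the validator never sees the root.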