cancel
Showing results for 
Search instead for 
Did you mean: 
jspanitz
Level 7

MWG 7.3 Verify Common Name (Proxy Setup)/Block Incident Common name mismatch

We are seeing a ton of Access Denied events all point to an Akamai server.  I know an out of box rule exists (SSL Scanner | Cert Verification | Verify Common Name (Proxy Setup) for Akamai but it does seem to handle this site.  We added another entry to the Allow Akamai rule that states:

SSL.Server.Certificate.CN matches *.redswoosh.akadns.net

But the entry is still logged.  Below is the entry in the MWG log:

[07/Oct/2013:09:38:33 -0400] "MWG" "user" xxx.xxx.xxx.xxx 69.31.16.8 "cn1.redswoosh.akadns.net" 0 "-" 0 0 "CONNECT cn1.redswoosh.akadns.net:443 HTTP/1.1" "Content Server" "Minimal Risk" 6 "Verify Common Name (Proxy Setup)/Block Incident" 98 "Common name mismatch" false "-" false "-" "-" "-" "Akamai NetSession Interface"

What's the fix?

0 Kudos
1 Reply
McAfee Employee

Re: MWG 7.3 Verify Common Name (Proxy Setup)/Block Incident Common name mismatch

This is a legitimate block. The site requested was "cn1.redswoosh.akadns.net", the certificate is signed as "redswoosh.akadns.net" (not "*.redswoosh.akadns.net").

If you wish to allow it you can do:

SSL.Server.Certificate.CN matches redswoosh.akadns.net

Best.

Jon

0 Kudos