Message 1 of 5

Random Revoked Certificate Situations

I haven't really focused in on this yet, but I've been seeing some situations where MWG reports that a certificate has been revoked, but out of band systems don't confirm that.

Although I have seen this with other sites, one of the main ones I see it with are Cisco sites.

Specifically:

cisco-tags.cisco.com 

news-tags.cisco.com 

mcc-tags.cisco.com 

Thoughts?

4 Replies

Re: Random Revoked Certificate Situations

That's interesting.

At the moment I am configuring our first (test) MWG7 system with SSL inspection and I have the same problem with the following (Cisco) site:

https://www.webex.de/login/attend-a-meeting

Does anybody know what the reason for this is?

When a client connects directly to the site (without MWG), there is no problem.

McAfee Employee
Message 3 of 5

Re: Random Revoked Certificate Situations

I have seen this before. Cisco has a CA for which they have not properly configured OCSP, or the CA does not know of its subordinate:

Issuer: DST Root CA X3

SubCA: Cisco SSCA2

These appear to be the same CAs used in the URLs you have given.

The MWG checks with the CA's OCSP responder, and the CA (DST Root CA X3) returns an "unknown" response for the subCA (Cisco SSCA2). This is why the block occurs.

Best,

Jon
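Added example, not part of the post above and not McAfee's code: in an OCSP SingleResponse (RFC 6960), "unknown" and "revoked" are distinct certStatus choices, and a checker that fails closed blocks on both. The sample bytes are constructed, and the `block_on_unknown` switch is a hypothetical policy setting, not an MWG option.

```python
# RFC 6960 CertStatus is a CHOICE: [0] good, [1] revoked, [2] unknown.
STATUS_BY_TAG = {0x80: "good", 0xA1: "revoked", 0x82: "unknown"}

def tlv(tag, content=b""):
    """Encode one DER TLV (short-form length is enough for the sample)."""
    if len(content) >= 0x80:
        raise ValueError("sample encoder only handles short lengths")
    return bytes([tag, len(content)]) + content

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the TLV that starts at pos."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[start:start + length], start + length

def sample_single_response(status_tag):
    """Constructed SingleResponse (CertID, certStatus, thisUpdate); not real data."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05))  # SHA-1 OID
    hashes = tlv(0x04, bytes(20)) * 2           # placeholder issuer name/key hashes
    cert_id = tlv(0x30, alg + hashes + tlv(0x02, b"\x01\x23"))  # made-up serial
    when = tlv(0x18, b"20240101000000Z")        # GeneralizedTime
    status = tlv(status_tag, when if status_tag == 0xA1 else b"")
    return tlv(0x30, cert_id + status + when)

def cert_status(single_response):
    """Walk past the CertID and name the certStatus choice that follows it."""
    tag, body, _ = read_tlv(single_response, 0)
    if tag != 0x30:
        raise ValueError("SingleResponse must be a SEQUENCE")
    _, _, pos = read_tlv(body, 0)               # skip CertID
    status_tag = read_tlv(body, pos)[0]
    if status_tag not in STATUS_BY_TAG:
        raise ValueError("unexpected certStatus tag 0x%02x" % status_tag)
    return STATUS_BY_TAG[status_tag]

def verdict(status, block_on_unknown):
    """Hypothetical policy switch: strict checkers fail closed on 'unknown'."""
    if status == "good":
        return "allow"
    return "block" if status == "revoked" or block_on_unknown else "allow"

if __name__ == "__main__":
    for tag in STATUS_BY_TAG:
        s = cert_status(sample_single_response(tag))
        print(s, verdict(s, True), verdict(s, False))
```

When troubleshooting a block like this, checking which of the two statuses the responder actually returned separates a responder that does not know the certificate from a genuine revocation.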

Message 4 of 5

Re: Random Revoked Certificate Situations

@chrisfi

WebEx isn't actually HTTP traffic encapsulated in SSL and the proxy doesn't understand what to do with it. A Stop Cycle rule for the WebEx destination will allow the traffic.

There's a McAfee subscription list that you can use for WebEx destination IP addresses and there's a template rule set for WebEx on contentsecurity.mcafee.com -- rule set 50027. The rule should go above your SSL Scanner rules.


Re: Random Revoked Certificate Situations

@btlyric:

Thanks for the tip.

I tested with the Ruleset from the library and it works fine.
