Message 1 of 5

Random Revoked Certificate Situations

I haven't really focused in on this yet, but I've been seeing some situations where MWG reports that a certificate has been revoked, but out of band systems don't confirm that.

Although I have seen this with other sites, one of the main ones I see it with are Cisco sites.



4 Replies

Re: Random Revoked Certificate Situations

That's interesting.

At the moment I am configuring our first (test) MWG7 system with SSL inspection and I have the same problem with the following (Cisco) site:

Does anybody know what's the reason for this?

When a client connects directly to the site (without MWG), there is no problem.

McAfee Employee jscholte
Message 3 of 5

Re: Random Revoked Certificate Situations

I have seen this before. Cisco has a CA for which they have not properly configured OCSP, or the CA does not know of its subordinate:

Issuer: DST Root CA X3

SubCA: Cisco SSCA2

These appear to be the same CAs used in the URLs you have given.

The MWG checks with the CA's OCSP responder, and the CA (DST Root CA X3) returns an "unknown" response for the subCA (Cisco SSCA2). This is why the block occurs.
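
To illustrate the difference the reply above describes between an OCSP "unknown" answer and a real revocation, here is an added example (not from the thread and not MWG code) that decodes the certStatus field of an RFC 6960 SingleResponse using only the Python standard library. The sample responses are constructed in the code, and `block_reason` is a hypothetical policy function, not MWG's rule logic.

```python
import hashlib

# RFC 6960 CertStatus is a CHOICE of context tags: [0] good, [1] revoked, [2] unknown.
STATUS_BY_TAG = {0x80: "good", 0xA1: "revoked", 0x82: "unknown"}

def tlv(tag, body=b""):
    """Tiny DER encoder used only to build the constructed samples (body < 128 bytes)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[start:start + length], start + length

def cert_status(single_response):
    """Return (status, revocation_time or None) from a DER SingleResponse."""
    tag, body, _ = read_tlv(single_response, 0)
    if tag != 0x30:
        raise ValueError("SingleResponse must be a SEQUENCE")
    _, _, pos = read_tlv(body, 0)             # skip certID
    tag, value, _ = read_tlv(body, pos)       # certStatus
    if tag not in STATUS_BY_TAG:
        raise ValueError("unexpected certStatus tag 0x%02x" % tag)
    revoked_at = None
    if tag == 0xA1:                           # RevokedInfo starts with revocationTime
        revoked_at = read_tlv(value, 0)[1].decode("ascii")
    return STATUS_BY_TAG[tag], revoked_at

def block_reason(single_response):
    """Hypothetical proxy policy: block on anything but good, but keep the reasons distinct."""
    status, revoked_at = cert_status(single_response)
    if status == "good":
        return None
    if status == "revoked":
        return "revoked at " + revoked_at
    return "responder does not know this certificate (status unknown, not revoked)"

def sample(status_tag, status_body=b""):
    """Constructed SingleResponse; hashes, serial and times are made-up values."""
    sha1 = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05))
    cert_id = tlv(0x30, sha1 + tlv(0x04, hashlib.sha1(b"issuer name").digest())
                  + tlv(0x04, hashlib.sha1(b"issuer key").digest()) + tlv(0x02, b"\x01\x23"))
    return tlv(0x30, cert_id + tlv(status_tag, status_body) + tlv(0x18, b"20240101000000Z"))

GOOD, UNKNOWN = sample(0x80), sample(0x82)
REVOKED = sample(0xA1, tlv(0x18, b"20231231120000Z"))
```

Logging the decoded status alongside the block makes it possible to tell a responder that does not know the certificate apart from a certificate that was actually revoked.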



Message 4 of 5

Re: Random Revoked Certificate Situations


WebEx isn't actually HTTP traffic encapsulated in SSL and the proxy doesn't understand what to do with it. A Stop Cycle rule for the WebEx destination will allow the traffic.

There's a McAfee subscription list that you can use for WebEx destination IP addresses and there's a template rule set for WebEx on -- rule set 50027. The rule should go above your SSL Scanner rules.

Re: Random Revoked Certificate Situations


Thanks for the tip.

I tested with the Ruleset from the library and it works fine.
