That's an interesting one. Firefox blocks it too because of a common name mismatch.
You could create a rule like the following:
- Criteria: SSL.Server.Certificate.HasWildcards equals True AND URL.Host matches SSL.Server.Certificate.CN
- Action: Stop Ruleset
This would fit the bill because URL.Host is "tmcm55.zg.trendmicro.com", and the CN is "*.trendmicro.com".
Web gateway already has that, but converts it to a regex of "regex([^.]*\.trendmicro\.com)"...
Screenshot above shows a working rule, which modifies the default one.
The criteria for the default rule is SSL.Server.Certificate.CN.ToWildcard, whereas the rule in the screenshot is String.ToWildcard.
The resulting regex is different: SSL.Server.Certificate.CN.ToWildcard is "regex([^.]*\.trendmicro\.com)", and String.ToWildCard is simply "*.trendmicro.com".
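The difference between the two forms discussed above, as an added example that is not part of the original posts or the gateway's own code: the single-label regex rejects "tmcm55.zg.trendmicro.com" while the plain glob accepts it. The function names, full-string anchoring, case-insensitive comparison, and the glob semantics (`*` spans dots) are assumptions made for illustration; hosts other than the one quoted in the thread are constructed samples.

```python
import re
from fnmatch import fnmatchcase


def cn_to_label_regex(cn: str) -> str:
    """Build the single-label regex form quoted in the thread from a wildcard CN."""
    # Assumption: '*' becomes [^.]* (any characters except a dot, so at most
    # one DNS label) and every other character is matched literally.
    return "".join("[^.]*" if ch == "*" else re.escape(ch) for ch in cn)


def matches_label_regex(host: str, cn: str) -> bool:
    """Strict match: the wildcard may cover one label only (as in RFC 6125)."""
    return re.fullmatch(cn_to_label_regex(cn), host, re.IGNORECASE) is not None


def matches_glob(host: str, cn: str) -> bool:
    """Loose match: '*' is a plain glob and may span several labels."""
    return fnmatchcase(host.lower(), cn.lower())


def compare(cn: str, hosts: list[str]) -> list[tuple[str, bool, bool]]:
    """Return (host, strict_result, loose_result) for each host."""
    return [(h, matches_label_regex(h, cn), matches_glob(h, cn)) for h in hosts]


if __name__ == "__main__":
    cn = "*.trendmicro.com"
    hosts = [
        "tmcm55.zg.trendmicro.com",    # host from the thread: two labels under the CN
        "www.trendmicro.com",          # constructed: one label, both forms match
        "trendmicro.com.example.net",  # constructed: unrelated suffix, neither matches
    ]
    print("regex form:", cn_to_label_regex(cn))
    for host, strict, loose in compare(cn, hosts):
        print(f"{host:30} single-label={strict!s:5} glob={loose}")
```

The glob form is what lets the modified rule pass the multi-level host; it also accepts any depth of subdomain under the CN, which the single-label form does not.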
Hi Jon Scholten,
SSL.Server.Certificate.CN.ToWildcard matches *.email.tvslsl.com
SSL.Server.Certificate.CN.ToWildcard is "regex([^.]*\.email.tvssl\.com)" and String.ToWildCard is simply "*.email.tvslsl.com".