It is better if you use a bypass rule with a "Stop Rule Set" action for gmail.com in the Certification Verification ruleset rather than using the global whitelist.
The default global whitelist uses the Stop Cycle action, which stops the checking of the traffic against the other rules.
This means it bypasses your DLP ruleset, AV scanning, among others. But this is also a temporary workaround. You must delve more into why you receive the CN error.
Haven't tested this, but what if you added a rule something like this?
Criteria: URL.Host.BelongsToDomains (gmail.com) equals true
Events: Set URL.Host = "mail.google.com"
When someone puts www.gmail.com into their web browser, MWG would change that to mail.google.com before you reach certificate verification so the certificate CN should then match.
This would need to go above the certificate verification rules in the SSL Scanner rule set.
Having this same issue too. We're on the 7.4.2 beta (to address a different, although similar issue), so it might be something that needs to go back to Engineering.
I tried the rule suggested by btlyric above, but it sent the browser into a loop. Seems that www.gmail.com is a CNAME for mail.google.com, but the MWG doesn't like that the cert presented isn't the one that is initially requested.
Will see what PS has to say about this.
If you have an SR # let me know what it is.
We're thinking this could be MCP or WinXP related. Does anyone else match these criteria?
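
The first reply's point about Stop Cycle versus Stop Rule Set, as an added example that is not part of any post in this thread and is not MWG rule syntax: a simplified single-cycle model in Python. The `evaluate` function, the request fields and the rule set names "AV Scanning" and "DLP" are assumptions made for illustration.

```python
# Simplified model of top-to-bottom rule set evaluation (assumed, not MWG's engine).
STOP_RULE_SET, STOP_CYCLE, BLOCK = "stop_rule_set", "stop_cycle", "block"

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def is_gmail(req):
    return in_domain(req["host"], "gmail.com")

def cn_mismatch(req):
    return not req["cert_matches_host"]

def has_malware(req):
    return req["body_malicious"]

def has_sensitive_data(req):
    return req["body_sensitive"]

def evaluate(rule_sets, req):
    """Return (verdict, names of the rule sets that were actually evaluated)."""
    ran = []
    for name, rules in rule_sets:
        ran.append(name)
        for criteria, action in rules:
            if not criteria(req):
                continue
            if action == STOP_RULE_SET:
                break                  # leave this rule set only; later rule sets still run
            if action == STOP_CYCLE:
                return "allow", ran    # nothing after this point is evaluated
            return "block:" + name, ran
    return "allow", ran

# Hypothetical downstream rule sets standing in for AV scanning and DLP.
DOWNSTREAM = [("AV Scanning", [(has_malware, BLOCK)]),
              ("DLP", [(has_sensitive_data, BLOCK)])]

# Option A: gmail.com on the global whitelist (Stop Cycle).
GLOBAL_WHITELIST = [("Global Whitelist", [(is_gmail, STOP_CYCLE)]),
                    ("Certificate Verification", [(cn_mismatch, BLOCK)])] + DOWNSTREAM

# Option B: bypass rule inside the Certificate Verification rule set (Stop Rule Set).
SCOPED_BYPASS = [("Global Whitelist", []),
                 ("Certificate Verification", [(is_gmail, STOP_RULE_SET),
                                               (cn_mismatch, BLOCK)])] + DOWNSTREAM

# Constructed sample request: CN mismatch on www.gmail.com, malicious body.
SAMPLE = {"host": "www.gmail.com", "cert_matches_host": False,
          "body_malicious": True, "body_sensitive": False}
```

With `SAMPLE`, option A returns an allow after evaluating only the whitelist, while option B skips the CN check and still reaches the AV rule set, which blocks the request.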