Allowlist IP addresses for external SSL expiration scan

user13018 · July 13, 2023, 5:30pm

Client asks:

I am setting up a SSL expiration monitor on [domain name] but I am getting an error I believe is being caused by an application firewall.

Invalid SSL certificate. Authentication failed! Closing the connection… Exception message: A call to SSPI failed, see inner exception.
The message received was unexpected or badly formatted

Would you please forward this to the vendor to see if they have a means of allowlisting our networks?

Our external nats:

[ list of IP addresses]

I can dig further and exempt their IPs. I just wonder why firewalls would even come into play for such a scan.

If my Chrome/browser can reveal the validity of an SSL cert, why would an external scan run into problems?

user13018 · July 13, 2023, 6:04pm

The fact that I can get the expiration date with curl makes me puzzled by why an IP exemption would be the problem.

curl https://example.com -vI --stderr - | grep "expire date"
*  expire date: Mar 29 23:59:59 2024 GMT```

Cyb3r-Jak3 · July 14, 2023, 1:33am

That error they are seeing is related to Community Tip - Fixing Error 526: Invalid SSL certificates

system · July 29, 2023, 1:34am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.