Allowlist IP addresses for external SSL expiration scan

Client asks:

I am setting up a SSL expiration monitor on [domain name] but I am getting an error I believe is being caused by an application firewall.

Invalid SSL certificate. Authentication failed! Closing the connection… Exception message: A call to SSPI failed, see inner exception.
The message received was unexpected or badly formatted

Would you please forward this to the vendor to see if they have a means of allowlisting our networks?

Our external nats:

[ list of IP addresses]

I can dig further and exempt their IPs. I just wonder why firewalls would even come into play for such a scan.

If my Chrome/browser can reveal the validity of an SSL cert, why would an external scan run into problems?

The fact that I can get the expiration date with curl makes me puzzled by why an IP exemption would be the problem.

curl -vI --stderr - | grep "expire date"
*  expire date: Mar 29 23:59:59 2024 GMT```

That error they are seeing is related to Community Tip - Fixing Error 526: Invalid SSL certificates

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.