After firmware upgrade: NET::ERR_CERT_COMMON_NAME_INVALID
abonadonna
Posts: 7
in Security
Hello,
after firmware upgrade, when we try to go to https://www.youtube.com/ ONLY we have the error NET::ERR_CERT_COMMON_NAME_INVALID.
Could you help me?
after firmware upgrade, when we try to go to https://www.youtube.com/ ONLY we have the error NET::ERR_CERT_COMMON_NAME_INVALID.
Could you help me?
0
All Replies
-
Hi @abonadonna
Did you enable SSL Inspection function? You can have a try to update certificate package in SSL inspection function first.(SSL Inspection > Certificate Update)
0 -
I have the same problem. I've updated certificate package in SSL inspection, but not work
0 -
Hi @Riccardo_Baima
What's the web URL that display the error log to you?
Some of web page with higher security reason, it doesn't allow to replace as configured certificate.
Then browser will display error message and the content is unable to load.(HSTS error)
You can add URL into exclude list. Then web content could be display success. But Firewall is unable to inspect the content of the webpage.
0 -
Thanks for the reply. The website in question is https://youtube.com/ The following image is what I see. I tried your solution but it doesn't work. It is strange behavior of the firewall but I can find solutions.0
-
I don't use SSL Inspection. Finally I solve the problem disabling IP Reputation.....I try to use white list but nothing...please give us a solution!0
-
Hi @abonadonna @Riccardo_Baima
When the issue happening, you can use nslookup to result the URL by cmd.C:\>nslookup youtube.comAfter resulting the IP address from DNS server. You can enter the IP address into field for check if the IP address exist in cyber threats IP list.
If the URL is trusted, you can add IP address into "Allow List" first.
And then flush DNS cache on PC and Firewall first, and try to reconnect again.PC:
C:\>ipconfig /flushdns
Firewall:
Router(config)# ip dns server cache-flush
Almost cloud (Web)server are using dynamic IP address. The IP address may used by unsafe website, so it listed in cyber threats IP list. You may wait for next signature update, the IP address may remove from IP list in new version.
Also, you can check the IP safety by 3rd party resource if it has reported as unsafe IP. (e.g. Virustotal)0 -
Thanks for the reply, but it still doesn't work. In my USG FELX 100 the indicated page does not have the "IP to test" but only "URL to test". I tried with https://youtube.com and it gives no errors.However, I have noticed a warning: at the moment you cannot visit the website www.youtube.com because it uses HSTS. Network failures and attacks are typically temporary, so this page may work later.
As a last test I restarted Firewall0 -
Hi @Riccardo_Baima
When the Web page redirecting to error page, you can go to Monitor > Log page to check if there is any related log entries. If still can't find the reason, you may download startup-config.conf and send it to me by private message for further check.
0 -
In updating what was written before, I noticed that the youtube web page refers to an certificate not valid. I attach the image.0
-
Hi @Riccardo_Baima
In default Web Content Filter and DNS Content Filter, the "Media Sharing" is enabled by default profiles.
Once the HTTPS or DNS connection matched category, the CF service will redirect specific block web page to you. Of course the certificate will replaced too.
Due to the certificate doesn't match to the original URL, then browser will disconnect the session and display the error message(HSTS) to you.
You can go to Monitor > Log page to check the event log. Once the website been blocked, then system will have block log. You can add URL into Trusted Web Sites(or allow list) to fulfill your network requirement
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight