S_X509_DNS_MISMATCH: SSL Certificate Has DNS Error

Posted: Sat Jul 20, 2019 7:10 am
by Saurabh
Hello,
I am getting an error while trying to access my internal site https://webmail.safesquid.net:2096/ via the SafeSquid proxy.
SafeSquid is displaying this template:
SSL Connection to webmail.safesquid.net:2096 denied
S_X509_DNS_MISMATCH: SSL Certificate has DNS errors.

Re: S_X509_DNS_MISMATCH: SSL Certificate Has DNS Error

Posted: Sat Jul 20, 2019 7:12 am
by samidha
Hello Saurabh,
When you access any website via the proxy and face the error "S_X509_DNS_MISMATCH: SSL Certificate has DNS errors", that means the certificate of that website is broken.
(Even if you have properly configured the SSL certificate inside the browser.)
SafeSquid stores all those websites whose certificates are broken under this path: /var/db/safesquid/ssl/badcerts/

root@dev:~# cd /var/db/safesquid/ssl/
root@dev:/var/db/safesquid/ssl# ll
total 52
drwxrwxr-- 2 ssquid root 4096 Jul 4 2017 serials
drwxrwxr-- 2 ssquid root 4096 Mar 9 16:30 goodcerts
drwxrwxr-- 71 ssquid root 4096 Mar 9 16:45 badcerts
drwxrwxr-- 1022 ssquid root 36864 Mar 12 12:16 certs

You should find the domain of the website at the given path.
Run command: cd /var/db/safesquid/ssl/badcerts/
=====
root@dev:/var/db/safesquid/ssl/badcerts# ll
total 276

drwxrwxr-- 2 ssquid root 4096 Mar 8 12:07 1rx.io
drwxrwxr-- 2 ssquid root 4096 Mar 8 12:32 ravenad.com
drwxrwxr-- 2 ssquid root 4096 Mar 8 15:36 microsoft.com
drwxrwxr-- 2 ssquid root 4096 Mar 8 16:04 indiatimes.com
drwxrwxr-- 2 ssquid root 4096 Mar 8 19:08 quoracdn.net
drwxrwxr-- 2 ssquid root 4096 Mar 9 15:25 iis.net
drwxrwxr-- 2 ssquid root 4096 Mar 9 16:27 safesquid.net
=====
Go to that domain name folder with the command: cd domain-name
(e.g. safesquid.net)
Run command: cd safesquid.net
=====
root@dev:/var/db/safesquid/ssl/badcerts/safesquid.net# ll
total 8
-rw-rw-r-- 1 ssquid root 5904 Mar 9 15:43 webmail.safesquid.net
======

You should find the FQDN of that website in the list (e.g. webmail.safesquid.net).

Go to that FQDN with the command: vi FQDN (e.g. vi webmail.safesquid.net)
Run command: vi webmail.safesquid.net
Here you should find the mismatched domain name.
=====
root@dev:/var/db/safesquid/ssl/badcerts/safesquid.net# vi webmail.safesquid.net
---
S_X509_DNS_MISMATCH: SSL Certificate has DNS errors.
---
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f8:bd:5e:60:3d:26:db:5d:1a:c0:6a:05:92:ee:c7:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority
Validity
Not Before: Jul 23 00:00:00 2017 GMT
Not After : Jul 23 23:59:59 2018 GMT
Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=alpha.surebrowse.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
=====

To ALLOW Block domain mismatch in the web-site SSL certificate, you have to create a policy
Follow Link : https://docs.safesquid.com/wiki/SSL_cer ... errors..22
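
The name comparison behind a DNS mismatch, as an added example that is not part of the original posts and is not SafeSquid's code: it reads a certificate text dump in the layout shown above and checks whether the requested FQDN is covered by the certificate's names, using the usual hostname-verification rules (SAN entries take precedence over the CN, a wildcard covers one leftmost label). The function names and the SAN lines in the sample are assumptions of this example.

```shell
# Added example, not SafeSquid code. Names marked "constructed" are assumptions.
# cert_names FILE: names a client validates (SAN DNS entries, else Subject CN).
cert_names() {
    awk '
        san { san = 0; n = split($0, a, /[ ,]+/)
              for (i = 1; i <= n; i++) if (a[i] ~ /^DNS:/) { print tolower(substr(a[i], 5)); found = 1 } }
        /X509v3 Subject Alternative Name/ { san = 1 }
        /^ *Subject:.*CN *=/ { cn = $0; sub(/.*CN *= */, "", cn); sub(/,.*/, "", cn) }
        END { if (!found && cn != "") print tolower(cn) }
    ' "$1"
}

# name_matches HOST NAME: exact match, or a leading "*." covering exactly one label.
name_matches() {
    nm_host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    nm_pat=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$nm_host" = "$nm_pat" ] && return 0
    case $nm_pat in '*.'*) ;; *) return 1 ;; esac
    nm_left=${nm_host%"${nm_pat#?}"}      # strip ".example.test" from the host
    [ "$nm_left" != "$nm_host" ] || return 1
    case $nm_left in ''|*.*) return 1 ;; esac
    return 0
}

# check_cert FILE FQDN: return 0 if a certificate name covers FQDN, else 1.
check_cert() {
    cc_names=$(cert_names "$1")
    while IFS= read -r cc_n; do
        if name_matches "$2" "$cc_n"; then echo "MATCH: $2 via $cc_n"; return 0; fi
    done <<EOF
$cc_names
EOF
    echo "MISMATCH: $2 requested, certificate names: $(printf '%s' "$cc_names" | tr '\n' ' ')"
    return 1
}

# Constructed sample in the dump layout; the SAN lines are assumed, not from the thread.
sample_dump() {
    cat <<'EOF'
Certificate:
        Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=alpha.surebrowse.net
            X509v3 Subject Alternative Name:
                DNS:alpha.surebrowse.net, DNS:www.alpha.surebrowse.net
EOF
}

tmp=$(mktemp) && sample_dump > "$tmp"
check_cert "$tmp" webmail.safesquid.net || true   # requested FQDN is not in the certificate
rm -f "$tmp"
```

To use it on a stored dump, pass the file path and the FQDN that was requested through the proxy to check_cert.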

Re: S_X509_DNS_MISMATCH: SSL Certificate Has DNS Error

Posted: Sat Jul 20, 2019 7:19 am
by Saurabh
:lol: Thanks Samidha