[outages] Akamai Cert Issues today

Sajal Kayan sajal83 at gmail.com
Wed Sep 30 18:14:58 EDT 2015 

Question: was www.irs.gov ever on https ?

On Thu, Oct 1, 2015 at 5:05 AM Sajal Kayan <sajal83 at gmail.com> wrote:

> Agree with Chris Swingler
>
> https://cincinnati.com/ Gives NET::ERR_CERT_COMMON_NAME_INVALID . That
> does not appear to be chain issues. Its because cincinnati.com is not in
> the common name or in the SAN.
>
> The certificate provided is valid only for
>
> CN : a248.e.akamai.net
> SAN:-
> DNS Name: a248.e.akamai.net
> DNS Name: *.akamaihd.net
> DNS Name: *.akamaihd-staging.net
> DNS Name: *.akamaized.net
> DNS Name: *.akamaized-staging.net
>
> Looks like someone messed up DNS config, or forgot to add some SANs.
>
> https://pulse.turbobytes.com/results/560c5bb9ecbe400bf8001bc6/
>
> -Sajal
>
> On Thu, Oct 1, 2015 at 5:00 AM Jim Witherell <jawitherell at yahoo.com>
> wrote:
>
>> Another item: go to sslshopper.com and click "ssl checker" and type in
>> www.Cincinnati.com or www. and see that the chain is broken.
>>
>> Sent from Yahoo Mail on Android
>> <https://overview.mail.yahoo.com/mobile/?.src=Android>
>> ------------------------------
>> *From*:"Jeff Walter" <jwalter at weebly.com>
>> *Date*:Wed, Sep 30, 2015 at 5:55 PM
>>
>> *Subject*:Re: [outages] Akamai Cert Issues today
>>
>> It's not a problem with the CN or the SANs on the certificate. The issue
>> is a broken trust path. My guess would be they're using a new root CA that
>> doesn't have good coverage yet.
>>
>> On Wed, Sep 30, 2015 at 2:52 PM, Sajal Kayan via Outages <
>> outages at outages.org> wrote:
>>
>>> Certificate validates for me (on chrome)
>>> And also https://pulse.turbobytes.com/results/560c589decbe400bf8001bbf/ .
>>> Tested from multiple points. The tool does TLS validations.
>>> Unrelated: That endpoint seems to be blackholed from china...
>>>
>>> What common name do you see in the cert given to you? I see "
>>> a248.e.akamai.net" which is valid.
>>>
>>> -Sajal
>>>
>>> On Thu, Oct 1, 2015 at 4:16 AM Jim Witherell via Outages <
>>> outages at outages.org> wrote:
>>>
>>>> e noticed SSL warnings based around Akamai's "*a248.e.akamai.net
>>>> <http://a248.e.akamai.net>*" certificate today.
>>>> NET::ERR_CERT_COMMON_NAME_INVALID is the most common error we're seeing.
>>>> Can anyone comment on what may be going on? Looks like the cert was renewed
>>>> or issued on 8/27/2015. Wonder why we are noticing the errors from
>>>> multiple points on the internet now?
>>>>
>>>> Jim Witherell
>>>>
>>>> Cincinnati OH
>>>> _______________________________________________
>>>> Outages mailing list
>>>> Outages at outages.org
>>>> https://puck.nether.net/mailman/listinfo/outages
>>>>
>>>>
>>> _______________________________________________
>>> Outages mailing list
>>> Outages at outages.org
>>> https://puck.nether.net/mailman/listinfo/outages
>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20150930/34dc4156/attachment.htm>

More information about the Outages mailing list