<div dir="ltr"><div>Agree with Chris Swingler</div><div><br></div><a href="https://cincinnati.com/">https://cincinnati.com/</a> Gives NET::ERR_CERT_COMMON_NAME_INVALID . That does not appear to be chain issues. Its because <a href="http://cincinnati.com">cincinnati.com</a> is not in the common name or in the SAN.<div><br></div><div>The certificate provided is valid only for</div><div><br></div><div>CN : <a href="http://a248.e.akamai.net">a248.e.akamai.net</a></div><div>SAN:-</div><div><div>DNS Name: <a href="http://a248.e.akamai.net">a248.e.akamai.net</a></div><div>DNS Name: *.<a href="http://akamaihd.net">akamaihd.net</a></div><div>DNS Name: *.<a href="http://akamaihd-staging.net">akamaihd-staging.net</a></div><div>DNS Name: *.<a href="http://akamaized.net">akamaized.net</a></div><div>DNS Name: *.<a href="http://akamaized-staging.net">akamaized-staging.net</a></div></div><div><br></div><div>Looks like someone messed up DNS config, or forgot to add some SANs.</div><div><br></div><div><a href="https://pulse.turbobytes.com/results/560c5bb9ecbe400bf8001bc6/">https://pulse.turbobytes.com/results/560c5bb9ecbe400bf8001bc6/</a><br></div><div><br></div><div>-Sajal</div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Oct 1, 2015 at 5:00 AM Jim Witherell <<a href="mailto:jawitherell@yahoo.com">jawitherell@yahoo.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><table cellspacing="0" cellpadding="0" border="0"><tr><td valign="top">Another item: go to <a href="http://sslshopper.com" target="_blank">sslshopper.com</a> and click "ssl checker" and type in <a href="http://www.Cincinnati.com" target="_blank">www.Cincinnati.com</a> or www. and see that the chain is broken. </td></tr></table><table cellspacing="0" cellpadding="0" border="0"><tr><td valign="top"><br><br><p><a href="https://overview.mail.yahoo.com/mobile/?.src=Android" target="_blank">Sent from Yahoo Mail on Android</a></p> <hr></td></tr></table><table cellspacing="0" cellpadding="0" border="0"><tr><td valign="top"><table cellspacing="0" cellpadding="0" border="0"> <tbody> <tr> <td valign="top"> <div style="font-family:Roboto,sans-serif;color:#7e7d80"><b>From</b>:"Jeff Walter" <<a href="mailto:jwalter@weebly.com" target="_blank">jwalter@weebly.com</a>><br><b>Date</b>:Wed, Sep 30, 2015 at 5:55 PM</div></td></tr></tbody></table></td></tr></table><table cellspacing="0" cellpadding="0" border="0"><tr><td valign="top"><table cellspacing="0" cellpadding="0" border="0"><tbody><tr><td valign="top"><div style="font-family:Roboto,sans-serif;color:#7e7d80"><br><b>Subject</b>:Re: [outages] Akamai Cert Issues today<br><br></div></td></tr></tbody></table></td></tr></table><table cellspacing="0" cellpadding="0" border="0"><tr><td valign="top"><table cellspacing="0" cellpadding="0" border="0"><tbody><tr><td valign="top"> <div dir="ltr">It's not a problem with the CN or the SANs on the certificate. The issue is a broken trust path. My guess would be they're using a new root CA that doesn't have good coverage yet.</div><div class="gmail_extra"><br clear="none"><div class="gmail_quote">On Wed, Sep 30, 2015 at 2:52 PM, Sajal Kayan via Outages <span dir="ltr"><<a rel="nofollow" shape="rect">outages@outages.org</a>></span> wrote:<br clear="none"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Certificate validates for me (on chrome)<div>And also <a rel="nofollow" shape="rect" href="https://pulse.turbobytes.com/results/560c589decbe400bf8001bbf/" target="_blank">https://pulse.turbobytes.com/results/560c589decbe400bf8001bbf/</a> . Tested from multiple points. The tool does TLS validations.</div><div>Unrelated: That endpoint seems to be blackholed from china...</div><div><br clear="none"></div><div>What common name do you see in the cert given to you? I see "<a rel="nofollow" shape="rect" href="http://a248.e.akamai.net" target="_blank">a248.e.akamai.net</a>" which is valid.</div><div><br clear="none"></div><div>-Sajal</div></div><br clear="none"><div class="gmail_quote"><div><div><div dir="ltr">On Thu, Oct 1, 2015 at 4:16 AM Jim Witherell via Outages <<a rel="nofollow" shape="rect">outages@outages.org</a>> wrote:<br clear="none"></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><table cellspacing="0" cellpadding="0" border="0"><tbody><tr><td colspan="1" rowspan="1" valign="top"><span style="font-size:10pt;font-family:'Segoe UI',sans-serif;color:rgb(26,26,26)">e noticed SSL warnings based around Akamai's "</span><u><span style="font-size:10.0pt"><a rel="nofollow" shape="rect" href="http://a248.e.akamai.net" style="font-size:11.001pt;line-height:140%" target="_blank">a248.e.akamai.net</a></span></u><span style="font-size:11.001pt;font-family:'Segoe UI',sans-serif;color:rgb(26,26,26);line-height:140%">"
certificate <a rel="nofollow" shape="rect" style="font-size:11.001pt;line-height:140%">today</a>. NET::ERR_CERT_COMMON_NAME_INVALID is the most common error we're seeing. Can anyone comment on what may be going on? Looks like the cert was renewed or issued on <a rel="nofollow" shape="rect" style="font-size:11.001pt;line-height:140%">8/27/2015</a>. Wonder why we are noticing the errors from multiple points on the
internet now?</span><br clear="none"><p>Jim Witherell </p><p>Cincinnati OH </p></td></tr></tbody></table></div></div>_______________________________________________<br clear="none">
Outages mailing list<br clear="none">
<a rel="nofollow" shape="rect">Outages@outages.org</a><br clear="none">
<a rel="nofollow" shape="rect" href="https://puck.nether.net/mailman/listinfo/outages" target="_blank">https://puck.nether.net/mailman/listinfo/outages</a><div><br clear="none">
</div></blockquote></div><div>
<br clear="none">_______________________________________________<br clear="none">
Outages mailing list<br clear="none">
<a rel="nofollow" shape="rect">Outages@outages.org</a><br clear="none">
<a rel="nofollow" shape="rect" href="https://puck.nether.net/mailman/listinfo/outages" target="_blank">https://puck.nether.net/mailman/listinfo/outages</a><br clear="none">
<br clear="none"></div></blockquote></div><div><br clear="none"></div></div></td></tr></tbody></table></td></tr></table></blockquote></div>