<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Issue is definitely a mismatched CN for me. Looks like Akamai pushed out a CNS cert to some endpoints without having the SANs fully populated for all of their customers sharing the cert. <div class=""><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Sep 30, 2015, at 4:55 PM, Jim Witherell via Outages <<a href="mailto:outages@outages.org" class="">outages@outages.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><table cellspacing="0" cellpadding="0" border="0" class=""><tbody class=""><tr class=""><td valign="top" class="">For instance go to <a href="https://www.irs.gov" class="">https://www.irs.gov</a> and <a href="https://Cincinnati.com" class="">https://Cincinnati.com</a> and you should see it. <div id="yMail_cursorElementTracker_0.17508759140037" class=""><br class=""></div><div id="yMail_cursorElementTracker_0.17508759140037" class="">We saw it here in the office, and at a few home employees tried it, and on cell phones from vzw and AT&T to. <br class=""><br class=""><p class=""><a href="https://overview.mail.yahoo.com/mobile/?.src=Android" class="">Sent from Yahoo Mail on Android</a></p> <hr class=""><table cellspacing="0" cellpadding="0" border="0" class=""> <tbody class=""> <tr class=""> <td valign="top" class=""> <div style="font-family:Roboto, sans-serif;color:#7e7d80;" class=""><b class="">From</b>:"Sajal Kayan" <<a href="mailto:sajal83@gmail.com" class="">sajal83@gmail.com</a>><br class=""><b class="">Date</b>:Wed, Sep 30, 2015 at 5:52 PM<br class=""><b class="">Subject</b>:Re: [outages] Akamai Cert Issues today<br class=""><br class=""></div> <div dir="ltr" class="">Certificate validates for me (on chrome)<div class="">And also <a rel="nofollow" shape="rect" target="_blank" href="https://pulse.turbobytes.com/results/560c589decbe400bf8001bbf/" class="">https://pulse.turbobytes.com/results/560c589decbe400bf8001bbf/</a> . Tested from multiple points. The tool does TLS validations.</div><div class="">Unrelated: That endpoint seems to be blackholed from china...</div><div class=""><br clear="none" class=""></div><div class="">What common name do you see in the cert given to you? I see "<a rel="nofollow" shape="rect" target="_blank" href="http://a248.e.akamai.net/" class="">a248.e.akamai.net</a>" which is valid.</div><div class=""><br clear="none" class=""></div><div class="">-Sajal</div></div><br clear="none" class=""><div class="gmail_quote"><div class="yqt4471721136 yQTDBase" id="yqt40288"><div dir="ltr" class="">On Thu, Oct 1, 2015 at 4:16 AM Jim Witherell via Outages <<a rel="nofollow" shape="rect" ymailto="mailto:outages@outages.org" target="_blank" href="javascript:return" class="">outages@outages.org</a>> wrote:<br clear="none" class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
 solid;padding-left:1ex;"><table cellspacing="0" cellpadding="0" border="0" class=""><tbody class=""><tr class=""><td colspan="1" rowspan="1" valign="top" class=""><span style="font-size:10pt;font-family:'Segoe UI', sans-serif;color:rgb(26,26,26);" class="">e noticed SSL warnings based around Akamai's "</span><u class=""><span style="font-size:10.0pt;" class=""><a rel="nofollow" shape="rect" target="_blank" href="http://a248.e.akamai.net/" style="font-size:11.001pt;line-height:140%;" class="">a248.e.akamai.net</a></span></u><span style="font-size:11.001pt;font-family:'Segoe UI', sans-serif;color:rgb(26,26,26);line-height:140%;" class="">"
 certificate <a rel="nofollow" shape="rect" style="font-size:11.001pt;line-height:140%;" class="">today</a>. NET::ERR_CERT_COMMON_NAME_INVALID is the most common error we're seeing. Can anyone comment on what may be going on? Looks like the cert was renewed or issued on <a rel="nofollow" shape="rect" style="font-size:11.001pt;line-height:140%;" class="">8/27/2015</a>. Wonder why we are noticing the errors from multiple points on the
 internet now?</span><br clear="none" class=""><p class="">Jim Witherell </p><p class="">Cincinnati OH </p></td></tr></tbody></table>_______________________________________________<br clear="none" class="">
Outages mailing list<br clear="none" class="">
<a rel="nofollow" shape="rect" ymailto="mailto:Outages@outages.org" target="_blank" href="javascript:return" class="">Outages@outages.org</a><br clear="none" class="">
<a rel="nofollow" shape="rect" target="_blank" href="https://puck.nether.net/mailman/listinfo/outages" class="">https://puck.nether.net/mailman/listinfo/outages</a><br clear="none" class="">
</blockquote></div></div></td>  </tr>   </tbody>   </table></div></td></tr></tbody></table>_______________________________________________<br class="">Outages mailing list<br class=""><a href="mailto:Outages@outages.org" class="">Outages@outages.org</a><br class="">https://puck.nether.net/mailman/listinfo/outages<br class=""></div></blockquote></div><br class=""></div></div></body></html>