07-11-2024 10:40 AM
The certificate errors related to 516 Upstream Certificate CN Mismatch are becoming very problematic for our company. Marketing emails are particularly problematic, and this is disruptive to our staff when trying to sign up for webinars and other "normal" activities.
I can't believe Cisco Umbrella is okay with such a disruptive and non-productive workflow. Users don't even get the normal block screen allowing them to request access to the blocked page.
Are there any plans to give administrators the control to allow users to bypass these warnings or a more user-friendly way of dealing with this issue?
07-11-2024 10:52 AM
@kbull it sounds like you using SSL decryption with Umbrella, in which case you must import the Umbrella root certificate to your computers, so they trust the Umbrella certificate.
https://docs.umbrella.com/deployment-umbrella/docs/enable-ssl-decryption
07-11-2024 11:01 AM
07-11-2024 11:11 AM
thanks, good to know.
07-11-2024 11:16 AM
Ken, you are correct that documented fixes exist, but getting companies to fix this is not easy or even feasible in many cases. For example, Home Depot's emails with order tracking links were breaking with this 516 Upstream error.
The other challenge is that there is no easy reporting for end users like a normal blocked page warning. Our staff aren't telling us about blocked pages until they get really frustrated or a block prevents them from doing their job, which is certainly not a good end-user experience. This will also start pushing staff to use personal devices over corporate devices, which, again, is not ideal.
07-11-2024 11:18 AM
We are using SSL decryption, and we have the Umbrella root certificate deployed otherwise, every site would break. The issue I am speaking of is documented here: Error 516 Upstream Certificate CN Mismatch – Cisco Umbrella
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide