Issue is definitely a mismatched CN for me. Looks like Akamai pushed out a CNS cert to some endpoints without having the SANs fully populated for all of their customers sharing the cert.
On Sep 30, 2015, at 4:55 PM, Jim Witherell via Outages <outages@outages.org> wrote:
For instance go to https://www.irs.gov and https://Cincinnati.com and you should see it.
We saw it here in the office, and at a few home employees tried it, and on cell phones from vzw and AT&T to.
Sent from Yahoo Mail on Android <https://overview.mail.yahoo.com/mobile/?.src=Android> From:"Sajal Kayan" <sajal83@gmail.com> Date:Wed, Sep 30, 2015 at 5:52 PM Subject:Re: [outages] Akamai Cert Issues today
Certificate validates for me (on chrome) And also https://pulse.turbobytes.com/results/560c589decbe400bf8001bbf/ <https://pulse.turbobytes.com/results/560c589decbe400bf8001bbf/> . Tested from multiple points. The tool does TLS validations. Unrelated: That endpoint seems to be blackholed from china...
What common name do you see in the cert given to you? I see "a248.e.akamai.net <http://a248.e.akamai.net/>" which is valid.
-Sajal
On Thu, Oct 1, 2015 at 4:16 AM Jim Witherell via Outages <outages@outages.org <javascript:return>> wrote: e noticed SSL warnings based around Akamai's "a248.e.akamai.net <http://a248.e.akamai.net/>" certificate today <>. NET::ERR_CERT_COMMON_NAME_INVALID is the most common error we're seeing. Can anyone comment on what may be going on? Looks like the cert was renewed or issued on 8/27/2015 <>. Wonder why we are noticing the errors from multiple points on the internet now? Jim Witherell
Cincinnati OH
_______________________________________________ Outages mailing list Outages@outages.org <javascript:return> https://puck.nether.net/mailman/listinfo/outages <https://puck.nether.net/mailman/listinfo/outages> _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages