SSL Host Error Bypass

  • 8 January 2024
  • 4 replies
  • 372 views

Hi

 

I have issue uploading file to a storage site that has "Host Name Mismatch" error. Further troubleshooting, it was related to "Security Cloud Platform-> Traffic Steering-> Steering Configuration-> MANAGE ERROR SETTINGS-> SSL Host Mismatch" which was set to "BLOCK".

 

Hence,

a) Where can I find the 'SSL Host Mismatch" error in Skope-IT?

b) How can I exclude this storage site from the above 'SSL Host Mismatch" Block setting?

 

Thank


4 replies

Userlevel 4
Badge +10

Hi @munster,

 

You could check more about the error probably in:

1. Skope IT -> Page events: You can filter for the particular host using the URL filter. Here, you can check for page events details to know more about the error.

2. You can also use nsdebuglog.log file to debug the issue by clicking on the Netskope client icon in the system tray -> Save Logs. Here, you can try to search for log lines containing the concerned URL.

3. 3rd party tools like OpenSSL, curl commands can also be used to check for any errors in SSL connection for the host. 

Hi madhurasridhar

Can I exclude this storage site from the above 'SSL Host Mismatch" Block setting?

thank

Hi munster, did you find a solution to this? We are having the same issue but do not want to change our error settings. We have been creating SSL DND policies in the interim as a stopgap. Thanks!

Ultimately this points to a cert issue at the server end. But right now the ‘Manage Error Settings’ you refer to are only applied globally. One course of action may be (as you said) to consider the bypass. But with these situations you should also confirm whether the browser will tolerate the error even without Netskope in the flow.

Reply