mulbzh
New Contributor II

Trouble with SSL inspection

Hello, and sorry for my English,

I have a basic inspection configuration, like this:
6.png

But I have a lot of SSL anomalies in security events, more than 22,000, and sites are blocked; for example:

to website mask.apple-dns.net

Event Type : ssl-anomaly
Event Subtype : certificate-probe-failed

What can I do?

Thanks a lot

6 REPLIES
AEK
SuperUser

Hi

This is because mask.apple-dns.net on TCP 443 has no certificate.

AEK
mulbzh
New Contributor II

So what do I have to do?

AEK

But what are you trying to do? I see https://mask.apple-dns.net is not a valid location (no Web server behind). So the question is why are you trying to access this location?

AEK
dingjerry_FTNT

Hi @mulbzh ,

If you test this website:

https://www.ssllabs.com/ssltest/analyze.html?d=mask.apple-dns.net

You will see that all the entries have failed.

Not sure what you need to do with this website, but you may add it to the SSL Inspection Exempt list.

Regards,

Jerry
mulbzh
New Contributor II

I have got many, many other errors like this:

7.png

Also, I can't do an SSL exception; this option is only enabled when SSL Deep inspection is selected.

AEK
SuperUser

From your screenshot I tested the IPs that have blocked sessions, and all of them don't have a certificate, so SSL can't take place, just like for mask.apple-dns.net.

But I still don't know what you are trying to do. Do you or your users have trouble using some applications?

AEK
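The check described in the reply above (does a destination present any certificate on TCP 443?), written as an added example that is not part of the original thread and not Fortinet code. The function name `probe_certificate` and its three status labels are assumptions made here; certificate verification is switched off on purpose because the probe only asks whether a certificate is presented, not whether it is trusted.

```python
import socket
import ssl
import sys


def probe_certificate(host, port=443, timeout=5.0):
    """Return (status, detail) for one destination.

    status is 'unreachable' (TCP connect failed), 'no-certificate'
    (port open but the TLS handshake yields no certificate) or
    'certificate' (the server completed a handshake and sent one).
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", f"TCP connect failed: {exc}"

    # Presence check only: accept any certificate, trusted or not.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            version = tls.version()
    except OSError as exc:  # ssl.SSLError, resets and timeouts are all OSError
        raw.close()
        return "no-certificate", f"TLS handshake failed: {exc}"

    if not der:
        return "no-certificate", "handshake completed without a certificate"
    return "certificate", f"{version}, {len(der)}-byte DER certificate"


if __name__ == "__main__":
    # Usage: python probe.py <host> [<host> ...]
    for target in sys.argv[1:]:
        status, detail = probe_certificate(target)
        print(f"{target}: {status} ({detail})")
```

Destinations that come back as `no-certificate` are the ones where a certificate probe has nothing to inspect, which matches the `certificate-probe-failed` subtype shown in the question.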