TLS/SSL Inspector KB and FAQs
Troubleshooting TLS/SSL Certificate Inspector Failures
Blocklisting by Host
Occasionally, the entity that hosts websites will deploy security software that blocks bot traffic or scanning traffic to Port 443 that is not originated from a web browser. Because our inspections run from our Cloud Agent, these inspections will fail if your On-Demand Agent IP address has been blocklisted. This normally surfaces as an error message stating the the inspection has timed out.
Liongard is currently exploring ways to address this condition, and will update this KB accordingly.
Certificates Bound to Ports Other than 433
TLS/SSL inspections can fail if the certificate has been bound to a port other than 443. If this condition exists, you will need to add the correct port in your Inspector setup (example below) by clicking the three dots next to the friendly name of the Inspector and selecting "edit."
Private TLS/SSL Certificates
Currently, the TLS/SSL Inspector will only work on public domains. Certificates on private/internal domains are not supported.
Updated about 1 year ago