Troubleshooting TLS/SSL Certificate Inspector Failures

Blocklisting by Host

Occasionally, the entity that hosts websites will deploy security software that blocks bot traffic or scanning traffic to Port 443 that is not originated from a web browser. Because our inspections run from our Cloud Agent, these inspections will fail if your On-Demand Agent IP address has been blocklisted. This normally surfaces as an error message stating the the inspection has timed out.

Liongard is currently exploring ways to address this condition, and will update this KB accordingly.

Certificates Bound to Ports Other than 433

TLS/SSL inspections can fail if the certificate has been bound to a port other than 443. If this condition exists, you will need to add the correct port in your Inspector setup (example below) by clicking the three dots next to the friendly name of the Inspector and selecting "edit."

Private TLS/SSL Certificates

Currently, the TLS/SSL Inspector will only work on public domains. Certificates on private/internal domains are not supported.