Meraki

Community

Umbrella Intelligent Proxy SSL Decryption 516 Upstream Certificate CN Mismatch

Solved
from_afar
Building a reputation
‎Sep 23 2024 12:18 PM
‎Sep 23 2024 12:18 PM

Umbrella Intelligent Proxy SSL Decryption 516 Upstream Certificate CN Mismatch

I started getting the dreaded 516 Upstream CN Mismatch error this afternoon for a few users. It is odd because on the page itself, there is no SSL error. Checking the certificate itself, the CN matches fine. I re-installed the Umbrella root CA just in case, but still get the error. 

 

The connection is "secure" according to the browser:

 

Screenshot 2024-09-23 at 3.07.10 PM.png

 

Found this help article https://support.umbrella.com/hc/en-us/articles/16794331853588-How-do-I-resolve-the-error-516-Upstrea... and the SAN matches as well:

 

Screenshot 2024-09-23 at 3.04.48 PM.png

 

I did turn intelligent proxy and ssl decryption off for a short while ~5 hours ago or so trying to diagnose a website issue, but other than that didn't make any changes. Am I missing something obvious here? I did re-download the root CA since re-enabling ssl decryption and imported it on the machine I'm testing on (and took the above screenshots from) and imported to the trusted root CA store, but I think the cert was the same. 

Labels:
0 Kudos
1 Accepted Solution
from_afar
Building a reputation
‎Sep 28 2024 12:50 PM
‎Sep 28 2024 12:50 PM

The issue seems to have fixed itself once again which is super frustrating as I'd rather know what went wrong so I could fix it but the problem seems to be resolved. 

View solution in original post

0 Kudos
3 Replies 3
Malwina
Meraki Employee
Meraki Employee
‎Sep 24 2024 2:33 AM
‎Sep 24 2024 2:33 AM

It may be beneficial to reach out to Cisco Umbrella support, especially if you have already followed the article on the 516 error https://umbrella.cisco.com/support

In response to Malwina
from_afar
Building a reputation
‎Sep 28 2024 12:53 PM
‎Sep 28 2024 12:53 PM

Thanks. Unfortunately, I'm leasing the system from AT&T which has been an absolute nightmare. As such, Cisco/Meraki just sends me their way and they have been abysmal when trying to get help hence I try to fix things myself first, then come here if I can't. 

 

At any rate, it fixed itself which is frustrating but at least it's fixed. 

 

Thanks for the reply.

0 Kudos
from_afar
Building a reputation
‎Sep 28 2024 12:50 PM
‎Sep 28 2024 12:50 PM

The issue seems to have fixed itself once again which is super frustrating as I'd rather know what went wrong so I could fix it but the problem seems to be resolved. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.