http://ocsp.digicert.com categorized as a Malware Site
Hi All,
I keep getting logs that the site ocsp.digicert.com/* is being blocked because it's a malware site, which is kinda strange for me, since DigiCert is world renowed CA and OCSP is the Online Certificate Status Protocol.
That's certainly a valid site, and should get categorized as "Computer and Internet Security , Business and Economy". You can do a Webroot BrightCloud URL lookup on http://brightcloud.com/tools/url-ip-lookup.php and you can also go to the "Content Filtering" page in Dashboard and use the URL lookup tool there, make sure they're giving identical results. Might be best to open a case with Meraki Support, they may be aware and seeing other similar cases, and can advise if there might be an open case with the Webroot BrightCloud threat intelligence team. I've seen this once before in the past, there was a BrightCloud categorization issue with sites like digicert.com, globalsign.com, omniroot.com that incorrectly categorized them as malicious sites, but it was quickly resolved, like within a day or two.
That's certainly a valid site, and should get categorized as "Computer and Internet Security , Business and Economy". You can do a Webroot BrightCloud URL lookup on http://brightcloud.com/tools/url-ip-lookup.php and you can also go to the "Content Filtering" page in Dashboard and use the URL lookup tool there, make sure they're giving identical results. Might be best to open a case with Meraki Support, they may be aware and seeing other similar cases, and can advise if there might be an open case with the Webroot BrightCloud threat intelligence team. I've seen this once before in the past, there was a BrightCloud categorization issue with sites like digicert.com, globalsign.com, omniroot.com that incorrectly categorized them as malicious sites, but it was quickly resolved, like within a day or two.
In the meantime you can also probably just whitelist it.
Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO If this was helpful click the Kudo button below If my reply solved your issue, please mark it as a solution.
Yes, both the Meraki URL Lookup tool and BrightCloud URL Lookup tool provide the same result - Computer and Internet Securry, Business and Economy. I'll open a case with Meraki support and meanwhile upgrade the firmware of the security appliance.
There was a lot of problems in the 12.xx code not applying content filtering correctly. Try selecting the "Top Sites Only" under: Security Appliance/Content Filtering
Or better yet, upgrade to 13.28, which works well.
Get notified when there are additional replies to this discussion.